Application Security Analyst

Job Expired

About the job


FNF is seeking an Application Security Analyst to join its Information Security Office (ISO). This position will be reporting to the Manager of Product Security. The ideal candidate has experience in application and cloud security controls, processes, and technology, with working knowledge of DevOps, as well as knowledge of public/private/hybrid cloud infrastructures, client/server applications, security controls and implementation strategies.

  • Contribute on an individual basis to raise the application security posture across the organization.
  • Monitor automated testing tools, triage identified issues, and work with development teams on remediation.
  • Perform and/or assist with internal application security assessments, audits, and tests as needed to ensure proper functioning of data processing activities and security measures
  • Research the latest in information technology security trends and compliance trends to keep up to date with the subject and use the latest technology to protect information.
  • Build and sustain good working relationships with development and infrastructure teams and involve them in the overall application and cloud Security Technology strategy.
  • Act as a subject matter expert for application owners and developers in understanding vulnerabilities, threats and how to remediate or mitigate them.

To be successful in this position, you will need a deep technical understanding of security as a business enabler, an understanding of popular platforms and languages, and the ability to learn new information at a rapid pace. Excellent verbal, written and presentation skills, strong interpersonal skills, and the ability to work effectively across project teams is a must. A strong track record in cyber security is critical, but the willingness and drive to improve security overall is even more important.


  • Bachelor’s degree in Computer Science or Business with emphasis in IT or equivalent experience or education
  • 3+ years of experience in various security and technology domains
  • Experience in modern Azure development and delivery platforms
  • Subject matter expertise in Azure security
  • Experience using SAST, DAST/IAST and SCA tools and ability to communicate their results and findings clearly to application owners and developers.
  • Hands-on experience with information security considerations and practices on Microsoft’s application stack, including .NET, .NET Core, Azure PaaS services, and Azure DevOps

Preferred Qualifications

  • Experience with Container security platforms
  • Prior development experience with C# and the Microsoft application stack
  • Experience with Fortify on Demand (SAST), Contrast (IAST), and StackRox/Red Hat ACS a plus
  • Continuous integration and delivery tooling (CI/CD)
  • Current security certification (e.g., CISSP, CISM) is a plus
  • Demonstrated experience in helping application development and product teams shift left on application security

More Information

  • This job has expired!

Leave your thoughts