Senior Application Security AnalystApply Job ID: R-010469 Date posted: 09/11/2020 Primary Location SC-Fort Mill
LPL is hiring a Senior Application Security Analyst role for our Information Security team.
As a senior member of the Information Security team, the Senior Application Security Analyst will be responsible for helping to develop and mature the Application Security program for the company. Application security is a top area of focus at LPL. We have incorporated key industry security best practices, technologies and integrated processes to further strengthen our defense posture. This is an exciting time to join the Information Security Vulnerability management team as we are continuing to expand the vulnerability management program. Location: Considered in Charlotte (Fort Mill), San Diego, or Austin
- Perform as a vulnerability management application security SME in the following areas: Web Applications, Mobile Applications, Databases, APIs and other domains.
- Create and maintain scan profiles for performing static, authenticated dynamic, and 3rd party library automated analysis with application scanning tools
- Review and analyze vulnerability scan static and dynamic results and track closure of vulnerabilities
- Work with Application Development teams to review potential false-positive scan results and evaluate proposed mitigating factors
- Perform manual testing of APIs and web applications to identify/validate vulnerabilities
- Produce and track application security metrics
- Support the secure development and testing of critical Advisor and Investor LPL applications
- Mentor and educate product development and quality engineers on secure development and security best practices
- Monitor and review CVEs, industry developments, and provide inputs for continuous improvement
- Work with Internal Audit, IT Governance, IT Compliance and other key stakeholder groups on specific projects
- Develop and maintain enterprise security libraries, components, best practices checklists and perform application security risk evaluation, partner with key stakeholders to further enhance application security CI/CD pipeline and continually assess security posture for improvement.
- Other duties as assigned.
- Bachelors and/or Master’s Degree or equivalent in Information Security, Engineering, Computer Science.
- 5+ years of combined Application Development and Security Engineering or Security Architecture experience
- Developer with strong application security acumen, hands on experience with security design reviews and threat modeling
- Experience using Application Security Code Scanning Tools such as Veracode and J-Frog as well as manual tools such as Burpsuite and Postman
- Knowledge of secure coding best practices, secure SDLC, secure architecture, and DevOps methodologies
- In depth understanding of OWASP Top 10 Critical Web Application Security Risks, their identification, and architecture, design, coding patterns to mitigate them
- Experience working with security of applications developed in C#, Java, and web (HTML, CSS, JS, React, REST) technologies
- Experience creating and managing policy, processes and procedure documents
- Strong analytical, interpersonal and communication skills
- Ability to train and mentor agile development teams
- Relevant industry security certification preferred
At LPL, we believe that objective financial guidance is a fundamental need for everyone. As the nation’s leading independent broker-dealer, we offer an integrated platform of proprietary technology, brokerage, and investment advisor services. We provide you with a work environment that encourages your creativity and growth, a leadership team that is supportive and responsive, and the opportunity to create a career that has no limits, only amazing potential.
We are one team on one mission. We take care of our advisors, so they can take care of their clients.
Because our company is not too big and not too small, you can seize the opportunity to make a real impact. We are committed to supporting workplace equality, and we embrace the different perspectives and backgrounds of our employees.We also care for our communities, and we encourage our employees to do the same. This creates an environment in which you can do your best work.
Want to hear from our employees on what it’s like to work at LPL? Watch this!
We take social responsibility seriously. Learn more here
Want to see info on our benefits? Learn more here
Join the LPL team and help us make a difference by turning life’s aspirations into financial realities. Please log in or create an account to apply to this position. Principals only. EOE.
Information on Interviews:
LPL will only communicate with a job applicant directly from an @lpl.com email address and will never conduct an interview online or in a chatroom forum. During an interview, LPL will not request any form of payment from the applicant, or information regarding an applicant’s bank or credit card. Should you have any questions regarding the application process, please contact LPL’s Human Resources Solutions Center at (800) 877-7210.