Analyst, Application Security

Overview:

Job Purpose

An ICE IS AppSec Analyst, Engineer, or Senior Engineer is part of a team responsible for ensuring that ICE produces and maintains secure applications. The team member influences secure design, performs code analysis, identifies vulnerabilities through hands-on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management.

Responsibilities

• Application Identification and Review - Operates the Application Development Security Lifecycle from design review through automated and hands-on testing.
• Standards and Policies - Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS.
• Secure Design – Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases.
• Tool Management – Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application’s security with static code analyzers (SAST), dynamic testing (DAST) tools, open source security scanners, Web Application Firewall (WAF) and bug bounty programs.
• Developer Education – Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities.

Desirable Knowledge and Experience

• Software engineering experience in Java, C++, .NET and/or related languages
• Expert at deploying, configuring, and using SAST, DAST, and Open Source Security scanning tools in large environments
• Experience designing solutions to secure sensitive data and secrets by applying cryptography, proper access control, and utilizing hardware security modules (HSM)
• Familiar with blockchain, public/private key management, cryptocurrency, and/or experience securing enterprise implementations
• University degree in Computer Science, Engineering, MIS, CIS, or related discipline

Specific Technologies: Checkmarx, WebInspect, BurpSuite, JFrog Xray, Python, Django, Java, C++, HTML5, .NET, iOS & Android, MySQL, Oracle DB, Cloudfare, Akamai

Analyst, Engineer, and Sr. Engineer Distinction
Seniority is determined by experience and demonstration of exceptional competencies including:

• Documenting and effectively publishing technology guidance and repeatable processes
• Mentoring peers in groups and individually
• Improving processes and introducing superior technology
• Taking initiative to learn business goals, liaise with other departments, and identify ways to increase productivity in other ICE groups and offices

-: Intercontinental Exchange, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to legally protected characteristics.