The Chubb Information Security team is responsible for protecting information and information systems against unauthorized access, detecting and responding to attempts to gain access and enabling access through our identity processes. Chubb operates a global information security team supporting local business units across five regions (Asia Pacific, North America, Latin America, Japan, and Europe including the Middle East and Africa). Our global information security strategy is developed with input from each of these regions and translated into programs that are then executed by the regions using resources from each region (especially, our infrastructure partners).
The Sr. Application Security Analyst Role is a global role that requires an understanding of application security and the dev-ops process. This role will support the growth of the Application Vulnerability program. Candidates are required to have broad knowledge of application vulnerability identification, remediation, and management practices. They will engage directly with the application development community to drive adherence to and expansion of the Application Vulnerability program.
Roles and Responsibilities:
The position roles and responsibilities include but are not limited to:
- Engage with lead developers and architects, providing insight and support for Application Vulnerability program policies and practices
- Support application development teams with issues pertaining to vulnerability management:
  - Understanding vulnerability reports resulting from automated and manual security tests
  - Provide guidance for remediation work required for identified vulnerabilities
  - Help teams apply secure development practices as instructed through training modules
- Provide oversight and guidance on application security toolset, including all facets of security scanning (DAST, SAST, SCA, Mobile)
- Help with strategic direction for security testing tools by maintaining familiarity with industry trends and solutions, in collaboration with Application Security Architects
- Help define, and drive the adoption of, a global approach to application vulnerability management through collaboration with teams

Minimum Qualifications:
- Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience, and experience with application security concepts
- Minimum 3-5 years of experience working in Application Security
- Knowledge of application vulnerability remediation best practices
- Experience with the HCL AppScan toolset, including configuration and operations
- Experience with using tools to perform SAST/SCA scanning and remediation (e.g., Checkmarx, HCL ASoC, GitHub Advanced Security, etc.)
- Ability to understand and instruct secure coding best practices
- Familiarity or experience with CI/CD pipelines and Agile methodologies
- Stay informed on the industry standing of application vulnerabilities and solutions, as reported through OWASP and other industry sources
- Strong organizational, analytical and customer service skills
- Ability to work effectively as an individual, and within a team environment
- Ability to communicate effectively (both written and verbal communication)
- Willingness and desire to learn the latest technologies

Preferred Qualifications:
- Experience with integrating security testing into DevOps pipelines
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Knowledge of specific operational impacts of cybersecurity lapses
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
- Experience with one or more programming languages