Application Security Analyst
Bloomington, Illinois, Us
• Lead security analyst for multiple (between ten and fifteen) concurrent projects with multiple production implementation dates. • Develop and oversee security design and implementation for several projects from the planning phase through implementation. • Create and maintain necessary security documentation to include role-based access matrixes, network security topologies, vendor security audits, and both static and dynamic code scan results. • Ensure input validation is adequate on both user interface and web service calls.• Facilitate and analyze Criticality and Information Risk Assessments using the FAIR methodology. These assessments are used to determine any risk State Farm will incur once the solution is implemented.• Advise the business area on State Farm’s Enterprise Information Security Policy and assist them in filing for any exceptions to the policy when they are not in compliance. Explain mitigating security controls that are in place or under development for the project. Ensures compliance with government regulations to include, but not limited to, HIPAA and GLBA.• Evaluate multiple third party vendors and their applications. This includes Vendor Security Posture Assessments (VSPA), SSAE 16s, SAS 70s, reviewing security policies, business continuity and disaster recovery plans, and physical and operational security of the vendors.• Regularly discuss and explain complex security topics, processes and issues with a variety of business partners who may have limited technical knowledge through email, phone conferences, online meetings, and in person.• Review static and dynamic code scans for all applications and services for assigned projects, while ensuring vulnerabilities are mitigated, identified as a false-positive, or accepted by the proper authority through the risk management process.• Document and analyze any security violations through an ISRR (Information Security Review Request) and follow State Farm guidelines for remediation.