Sr. Application Security Analyst

'''Green Dot Corporation

Position Description'''

POSITION TITLE: Senior Application Security Analyst

REPORTS TO: SVP, Chief Information Security Officer

WORKS WITH: Vendors, staff

POSITION OVERVIEW:

The Senior Application Security Analyst is a key member of the Information Security team at Green Dot Corporation. The Analyst will primarily be responsible for leading the development, implementation and maintenance of the Application Security program across all IT development groups. This is a hand's on position that requires someone who has had a great deal of application development and coding experience together with a very deep understanding of Information Security and Secure Coding principles.

HOURS: Full Time (generally 40 hours, Monday – Friday)

POSITIONS SUPERVISED- none currently

DUTIES/RESPONSIBILITIES/EXPECTATIONS

•	Developing the Application Security program through a very close collaboration all Green Dot development teams.

•	 The creation of all the necessary documentation that codifies the Application Security program. This will include the development of secure coding policies, procedures and standards, modification of the SDLC to include the necessary Security Checkpoints, code review methodologies etc.

•	The development and leading of training programs that will be used to train developers on secure code development practices.

•	Ensuring that application security requirements are identified early on and are being baked into all projects.

•	Plans, coordinates, and leads teams tasked with the design, integration, development, validation and implementation of specific security policies, systems and services.

•	Evaluates new security technology & trends, and then makes recommendations to strengthen our information security environment.

•	Leads the assessment and acquisition of application security tools and technologies.

•	Participates as a subject matter expert in the Green Dot incident response program.

•	Attends design and application architectural reviews and actively leads the discussions from a security standpoint.

•	Evaluates application development and implementation activities for possible vulnerabilities.

•	Identifies gaps in compliance with PCI-DSS, GLBA, and SOX.

•	Adheres to all policies and procedures concerning all confidential information including but not limited to internal use and restricted information, including Protected Consumer Information (PCI) and Protected Health Information (PHI)

•	Adheres to all Company Health and Safety policies and procedures.

•	Administer duties as defined by the Green Dot performance review plan within the required deadlines.

•	Other duties as assigned by supervisor.

QUALIFICATIONS: (MUST HAVES)

•	Working knowledge of programming languages, such as .NET, C#, XML and web based technologies.

•	Knowledge of SQL database architectures and database query languages.

•	Knowledge of regulations and security compliance requirements such as PCI DSS, GLBA, and SOX.

•	Good communication in English, both oral and written (presentations, technical reports and proposals);

•	Strong analytical, evaluative, and problem-solving abilities;

•	Membership and active participation in security organizations, such as OWASP, ISSA, and SANS.