Application Security Analyst

Marriott Vacations Worldwide, Crozet, VA, US
15 hours ago
Job type
  • Full-time
Job description

Relocation and Office Location

Relocation Assistance Available

Requires three (3) days in the Orlando Headquarters Office and two (2) days remote.

Position Summary

As a member of the professional staff, contributes general knowledge and skill in a discipline area (e.g., Accounting, Finance, Human Resources, Information Resources, Operations Planning & Support, Sales & Marketing) to support team and/or department objectives.

Generally, works under limited supervision, but within established guidelines, producing and analyzing more complex business information to assist in the decision-making process.

Specific Job Summary

The Application Security Analyst role is responsible for incorporating security measures into the complete DevOps lifecycle and ensuring that security is an integral aspect of all software development and deployment processes. This position focuses on conducting comprehensive security assessments like static and dynamic analyses, code reviews, and automated vulnerability scans across various applications and environments. It also involves enforcing secure coding standards by collaborating with development, operations, and security teams to integrate vulnerability remediation within CI/CD pipelines.

In addition to conducting hands-on offensive security testing, this role requires expertise in mapping attack scenarios to frameworks such as the MITRE ATT&CK framework to assess the organization's defense mechanisms. The individual will be responsible for identifying weaknesses in both existing and new systems and providing detailed recommendations for improving security measures across various technology environments. The ideal candidate is a highly skilled and collaborative security professional with a deep understanding of offensive security techniques and a passion for improving security processes through continuous testing and learning.

Expected Contributions

  • Contributes to team, department, and/or business results by performing complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones.
  • Responds to, solves, and makes decisions on more complex/non-routine business requests with limited to moderate risk.
  • Performs more complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones.
  • Assists more senior associates in achieving business results by identifying opportunities to enhance the effectiveness of business processes.
  • Participates in setting department operating plans.
  • Achieves results against budget within scope of responsibility.
  • Demonstrates an awareness of personal strengths and areas for improvement and acts independently to improve and increase skills and knowledge.

Specific Expected Contributions

  • Conducts thorough penetration testing of infrastructure, web applications, APIs, and cloud environments to identify vulnerabilities and potential attack vectors.
  • Collaborates with application development teams to implement security testing practices early in the software development lifecycle (SDLC), ensuring secure code and configurations.
  • Reviews application development processes to ensure secure coding practices are followed, identifying vulnerabilities in the development, staging, and production environments.
  • Leads red team exercises simulating advanced persistent threats (APTs) to assess the organization's security resilience in real-world attack scenarios.
  • Collaborates closely with blue team members to provide feedback on detection and response efforts and support the development of effective defenses.
  • Maps offensive security test results to the MITRE ATT&CK framework to ensure comprehensive understanding of adversary tactics, techniques, and procedures (TTPs).
  • Executes vulnerability assessments and performs threat simulations to evaluate the effectiveness of security controls in place.
  • Conducts vulnerability validation, including verifying the exploitability of identified vulnerabilities and conducting follow-up testing to confirm remediation.
  • Leads and mentors junior security analysts, providing guidance on offensive security techniques and tools.
  • Develops and refines testing methodologies, including custom attack scenarios to improve the organization's testing capabilities.
  • Collaborates with IT, security engineering, and development teams to ensure vulnerabilities are prioritized and remediated effectively.
  • Documents and communicates findings, providing clear, actionable recommendations to improve security across technology platforms.
  • Stays up to date with emerging threats and vulnerability trends, continuously improving security testing practices and capabilities.

Candidate Profile

Successful candidates should possess knowledge and experience and demonstrate leadership skills as follows:

Generally, a professional position with specific knowledge in a discipline (e.g., Accounting, Human Resources, Information Resources). College degree and/or relevant experience typically required.

Specific Candidate Profile

Education

  • Bachelor's degree in Computer Science, Information Security, or a related field. Equivalent work experience may be considered in lieu of a degree.

Certifications Preferred

  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • GIAC Penetration Tester (GPEN)
  • Offensive Security Web Expert (OSWE)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • GIAC Web Application Penetration Tester (GWAPT)

Experience

  • At least 4 years of experience in offensive security roles, including penetration testing, red teaming, and application security testing.
  • Hands-on experience with penetration testing tools (e.g., Burp Suite, Metasploit, Kali Linux, Cobalt Strike) and custom scripting for security testing.
  • Proven expertise in identifying and exploiting vulnerabilities in applications, including web applications, mobile apps, APIs, and cloud platforms.
  • Experience working with modern development practices, including DevSecOps, CI/CD pipelines, and integrating security testing into the software development lifecycle (SDLC).
  • Deep knowledge of application security testing methods, including static analysis, dynamic analysis, and fuzzing.
  • Familiarity with security practices such as Secure Development Lifecycle (SDL), Secure Code Reviews, and application security code scanning.
  • Experience with cloud platforms (AWS, Azure, GCP) and container security (e.g., Docker, Kubernetes).
  • Ability to map attack scenarios to the MITRE ATT&CK framework and provide insights for improving security defenses.

Skills / Attributes

  • Advanced Penetration Testing Skills: Deep knowledge of testing web and mobile applications, APIs, and cloud services for vulnerabilities, with strong experience exploiting weaknesses to simulate real-world attacks.
  • Application Security Expertise: Extensive experience with application security practices, secure code reviews, and vulnerability scanning tools.
  • Secure Development Knowledge: Strong understanding of application development methodologies (e.g., Agile, DevOps) and experience incorporating security into development processes and pipelines.
  • Red Team Expertise: Ability to simulate sophisticated attack techniques and scenarios, providing insight into potential attack paths and evaluating the organization's defenses.
  • Cloud Security Knowledge: Solid understanding of cloud security best practices, including securing cloud environments (AWS, Azure) and containerized applications (Docker, Kubernetes).
  • Vulnerability Management & Exploitability: Expertise in validating vulnerabilities, assessing their risk, and verifying exploitability across a wide range of systems.
  • Incident Response Collaboration: Ability to work with incident response teams to translate offensive testing results into actionable intelligence for defensive improvements.
  • Strong Documentation and Reporting Skills: Ability to document testing methodologies, findings, and recommendations clearly and concisely, and communicate technical issues to both technical and non-technical stakeholders.
  • Mentorship & Leadership: Ability to lead and mentor junior security team members, promoting a culture of continuous improvement in offensive security practices.
  • Problem-Solving & Analytical Thinking: Strong problem-solving skills, with the ability to think like an attacker to uncover vulnerabilities and develop strategies for exploitation and risk mitigation.

Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.
