Application Security Analyst

Atlanta, GA, United States

Your Job

As the Application Security Analyst, you will be dedicated to strengthening and expanding our application security posture. You will collaborate closely with development, engineering, product, and other teams during every stage of the software development lifecycle (SDLC). Your insights will influence broader security initiatives throughout the organization. Reporting to the Manager of Cyber Security, this position is crucial in molding the future of security at Georgia-Pacific. You will be part of a larger team to develop a comprehensive Vulnerability Management, Audit & Assurance capability.

Our Team

The Cyber, Vulnerability & Assurance Capability team within GP Cyber Security is focused on managing risks associated with IT and OT systems through a comprehensive vulnerability management program. Our goal is to provide valuable insights to business partners, enabling profitable, risk-based cyber security management decisions. Our team supports operations and remediation across applications, cloud, and infrastructure, while also being involved in cyber tool management and maintenance. Our team also engages with stakeholders responsible for onboarding applications to our Cyber tools to help identify vulnerabilities and drive remediation through collaboration with various customers and stakeholders.

What You Will Do

Partner with development teams to embed security standards and best practices into their workflows.

Identify web application vulnerabilities, prioritize and risk adjust findings, consult on mitigation strategies, and ensure timely resolution. Demonstrate self-motivation and direction, while utilizing strong organizational and project management skills, to effectively plan, execute, and complete tasks in a timely and efficient manner.

Design and deliver training sessions to developers and stakeholders on secure coding practices, threat modeling, and risk assessment.

Revamp our AST (Snyk) platform. Collaborate with developers to address findings and minimize false positives.

Lead proactive code reviews to pinpoint vulnerabilities, while refining and incorporating the Secure Development Lifecycle into our engineering processes.

Offer specialized application security guidance on projects, system issues, and during stakeholder meetings. Provide guidance on relevant application security industry standards and practices such as OWASP, ASVS, CIS, SANS, CWE, etc.

Assist in developing and maintaining an ongoing security assurance program including development of appropriate scripts and monitoring capabilities to; verify security effectiveness, analyze data, develop trend analysis, and ensure compliance to existing standards, policies, and procedures.

Conduct technical security risk assessments with internal and external resources as needed.

Who You Are (Basic Qualifications) Experience using Python or PowerShell or infrastructure-as-code tools

Experience testing and identifying web application vulnerabilities

Experience with CI/CD, containers, microservices, cloud architecture, and application security platforms

Experience with Development or Security or Operations with a focus on cloud, systems and services

Experience in Cloud Security or Network Security or Cyber Security Data Analytics and Reporting

Experience working with virtual machines in AWS, VMware and/or Azure Platforms.

Experience in aggregating data from various sources for security analysis & reporting

What Will Put You Ahead Bachelors Degree in Computer Science or IT Security

Experience with leading AST SaaS solutions (Synopsys, Snyk, Veracode, etc..)

Experience in aggregating data from various sources for security analysis & reporting

Experience providing organizational guidance for application security standards and practices such as OWASP, ASVS, CIS, SANS and CWE

Experience troubleshooting network security, firewalls and remote access technologies

AWS Certified Solutions Architect or comparable certification

Experience analyzing code for security vulnerabilities

Experience working in a SOC

At Koch companies, we are entrepreneurs. This means we openly challenge the status quo, find new ways to create value and get rewarded for our individual contributions. Any compensation range provided for a role is an estimate determined by available market data. The actual amount may be higher or lower than the range provided considering each candidate's knowledge, skills, abilities, and geographic location. If you have questions, please speak to your recruiter about the flexibility and detail of our compensation philosophy.

Hiring Philosophy

All Koch companies value diversity of thought, perspectives, aptitudes, experiences, and backgrounds. We are Military Ready and Second Chance employers. Learn more about our hiring philosophy here .

Who We Are

As a Koch company and a leading manufacturer of bath tissue, paper towels, paper-based packaging, cellulose, specialty fibers, building products and much more, Georgia-Pacific works to meet evolving needs of customers worldwide with quality products. In addition to the products we make, we operate one of the largest recycling businesses. Our more than 30,000 employees in over 150 locations are empowered to innovate every day - to make everyday products even better.

At Koch, employees are empowered to do what they do best to make life better. Learn how our business philosophy helps employees unleash their potential while creating value for themselves and the company.

Our Benefits

Our goal is for each employee, and their families, to live fulfilling and healthy lives. We provide essential resources and support to build and maintain physical, financial, and emotional strength - focusing on overall wellbeing so you can focus on what matters most. Our benefits plan includes - medical, dental, vision, flexible spending and health savings accounts, life insurance, ADD, disability, retirement, paid vacation/time off, educational assistance, and may also include infertility assistance, paid parental leave and adoption assistance. Specific eligibility criteria is set by the applicable Summary Plan Description, policy or guideline and benefits may vary by geographic region. If you have questions on what benefits apply to you, please speak to your recruiter.

Additionally, everyone has individual work and personal needs. We seek to enable the best work environment that helps you and the business work together to produce superior results.

Equal Opportunities

Equal Opportunity Employer, including disability and protected veteran status. Except where prohibited by state law, some offers of employment are conditioned upon successfully passing a drug test. This employer uses E-Verify. Please visit the following website for additional information: http://www.kochcareers.com/doc/Everify.pdf