Applications Security Analyst
Role summary
This temporary Applications Security Analyst role involves performing technical work to analyze, assess, and coordinate application security for County systems. Responsibilities include conducting security reviews of applications, databases, and cloud platforms to identify vulnerabilities and risks. The analyst will utilize security tools, document findings, and collaborate with stakeholders on remediation strategies. This position also assists in developing security standards and preparing reports for management. The role covers diverse on-premise and cloud-based enterprise systems, including those in Finance and Public Safety, and may involve securing Windows, SQL, and web environments. This is a 6-month contract position.
JOB
Performs professional and technical work involving the analysis, assessment, and coordination of application security activities for County systems and business applications. Conducts security reviews of applications, databases, interfaces, file shares, cloud and SaaS platforms, and related systems to identify vulnerabilities, access control weaknesses, insecure configurations, and data exposure risks. Utilizes approved vulnerability assessment and security analysis tools to identify, validate, document, and track security issues affecting applications and supporting systems. Works with application owners, technical staff, business units, and vendors to support remediation planning, implementation of corrective actions, mitigation strategies, and documentation of approved exceptions. Assists in the development and maintenance of procedures, standards, and documentation related to application security, vulnerability management, and access governance. Prepares findings summaries, reports, and recommendations for technical staff, business users, management, and leadership. Assigned systems may include one or more major systems supporting multiple business units and/or several smaller systems with cross-system integration requirements. Assigned security tasks cover a diverse range of on-premise and cloud-based enterprise systems, spanning departments such as Finance, Public Safety, General Services, etc. Work may include securing in-house processes and software within Windows, SQL, and web-based environments. Work is performed under the general direction of designated Information Technology leadership.This is a temporary position, only expected to last 6 months
EXAMPLE OF DUTIES
~ Conducts security assessments of assigned applications, databases, interfaces, file shares, collaboration platforms, cloud services, SaaS platforms, and related systems to identify vulnerabilities, access control weaknesses, insecure configurations, and data exposure risks. ~ Documents security findings, risk observations, technical conditions, business impact, and recommended corrective actions in accordance with established procedures and standards. ~ Utilizes approved vulnerability assessment, scanning, and security analysis tools to identify, validate, document, and prioritize security findings affecting applications and supporting systems. ~ Reviews user, group, shared, service, and administrative access to assigned systems and applications to identify excessive privileges, inappropriate access, dormant accounts, and opportunities to improve least-privilege enforcement. ~ Works with application owners, infrastructure staff, database administrators, business units, vendors, and other Information Technology personnel to support remediation of identified vulnerabilities and security control deficiencies. ~ Assists with review and documentation of security exceptions, compensating controls, mitigation strategies, and risk acceptance decisions in accordance with established policies and procedures. ~ Supports periodic access reviews and evaluates onboarding, transfer, and offboarding processes for control weaknesses, inconsistent access assignments, and access governance gaps. ~ Identifies systems that store, process, or transmit sensitive, confidential, or business-critical data and assists in mapping data types, access groups, and applicable security controls. ~ Reviews application- and system-level security controls, including access restrictions, role design, encryption settings, data sharing controls, and other protective measures, as applicable. ~ Assists in the development, maintenance, and improvement of procedures, standards, templates, and documentation used for application security assessments, vulnerability management, and related review processes. ~ Prepares reports, summaries, metrics, dashboards, and status updates related to security findings, remediation activities, and risk conditions for management, leadership, auditors, and other stakeholders. ~ Participates in project planning, implementation, upgrade, and change review activities to identify security requirements and reduce security risk in new or modified applications. ~ Works with users, technical staff, and vendors in troubleshooting security-related issues, validating corrective actions, and supporting practical resolutions. ~ Keeps abreast of modern cybersecurity methods, technologies, threats, standards, and software through workshops, seminars, trade journals, professional associations, and self-study. ~ Assists other Information Technology staff in resolving security-related system and application issues and participates in planning, audit support, procurement review, and technical standards activities as requested.
SUPPLEMENTAL INFORMATION
