Jobs
Share this Job

Application Security Analyst

Apply now »

Date: Nov 2, 2017

Location: Boston, MA, US, 02110

Company: Houghton Mifflin Harcourt

Job Requisition ID: 5406

Curious?  We get it.  We are too.

 

The Technology Group at Houghton Mifflin Harcourt (HMH) is a dynamic team of technology professionals dedicated to the nimble delivery of quality educational content for the evolving digital age.  Not your traditional IT house, the Technology Group actively partners with functions across the business ecosystem to develop and deliver applications and platforms to a diverse range of digital channels.

 

The Application Security Analyst is responsible for the security of our applications, both enterprise and customer facing, which are the gateway for our customers to HMH.  This position is responsible for identifying vulnerabilities, assessing their risk, and working with developers, QA analysts, scrum masters, and others responsible for the software development lifecycle (SDLC) to remediate, mitigate, or accept the risk of these vulnerabilities. They will also be responsible for improving our automated testing processes integration with Engineering tools and processes, automation, and automatic reporting.  The Application Security Analyst will report to the Director of Information Security Programs, and requires interactions with other Information Security team members, as well as Engineering and Technology Group (TG) team members, and Business Owners of applications.

 

The ideal candidate has experience with both application development as well as information security concepts, be an effective communicator, and document and report effectively.  Experience in a similar role is preferred. He or she must work well in dynamic and often informal teams. He or she should also be able to coordinate disparate priorities and constraints on development teams, manage different personalities, and maintain objectivity and a strong understanding that security is just one of the business's activities. 

 

Responsibilities:

  • Perform manual assessments of applications, both dynamically and statically, produce reports, open tickets in Engineering work tracking systems (e.g. Jira), and meet with development teams as required.
  • Operate and maintain application security tools, such as static application security testing (SAST) and dynamic application security testing (DAST) tools.  This includes their integration points with Jira, Jenkins, etc.
  • Consult with Engineering and TG as required on security designs of applications, questions about vulnerabilities, and remediation approaches.
  • Create training materials to educate HMH stakeholders about key security concepts using a variety of media.
  • Participate in security incident response activities

 

Requirements:

 

  • Bachelor’s Degree
  • 3+ years of application security experience, 5+ years preferred
  • 1+ year development experience, 2+ years preferred
  • Experience in application and infrastructure security practices and standards (such as OWASP)

  • Web application development experience in C# or Java

  • Knowledge of HTTP, JavaScript, XML, HTML 5, SQL

  • Experience reviewing code for vulnerabilities in Java, C#, Javascript/jQuery, Adobe Flash/ActionScript, etc.

  • Knowledge of white hat hacker tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Wireshark etc and source code analyzers

  • Familiarity in application security scanning technologies such as static application security testing (SAST), dynamic application security testing (DAST), single sign-on, and encryption

  • Ability to effectively work as part of a cohesive and agile team

  • Excellent analytical skills required

  • Self-starter with the ability to work with minimal supervision

  • Must have excellent verbal and written communication and listening skills due to high amount of interaction with HMH staff, clients, and external vendors

  • High level of patience and courtesy is required to deal with individuals and their varied technological skill levels

 

Preferred:

  • Ability to remain organized and to elicit cooperation from a wide variety of sources other internal departments and external parties

  • Ability to exercise good judgment and discretion in confidential matters

  • Ability to effectively prioritize and execute tasks in a high-pressure environment and react to project adjustments and alterations promptly and efficiently

  • High level of patience and courtesy is required to deal with individuals and their varied technological skill levels

  • CISSP, CIPP or CISA or GIAC certification or strong interest/progress in becoming certified

 

Physical Requirements:

  • Might be in a stationary position for a considerable time (sitting and/or standing)
  • The person in this position needs to move about inside office to access file cabinets, office machinery, etc
  • Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine, and computer printer
  • Must be able to collaborate with colleagues via face to face, conference calls, and online meetings

 

ABOUT US:
Houghton Mifflin Harcourt (NASDAQ:HMHC) is a global learning company dedicated to changing people’s lives by fostering passionate, curious learners. As a leading provider of pre-K–12 education content, services, and cutting-edge technology solutions across a variety of media, HMH enables learning in a changing landscape. HMH is uniquely positioned to create engaging and effective educational content and experiences from early childhood to beyond the classroom.  HMH serves more than 50 million students in over 150 countries worldwide, while its award-winning children's books, novels, non-fiction, and reference titles are enjoyed by readers throughout the world.

For more information, visit http://careers.hmhco.com  

PLEASE NOTE:  
Houghton Mifflin Harcourt is an equal employment opportunity employer and participates in E-Verify. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of gender, race/ethnicity, gender identity, sexual orientation, protected veteran status, disability, or other protected group status.

 

*LI-JH1


Nearest Major Market: Boston

Job Segment: Web Design, Creative, Publishing

Apply now »