IT Application Security Analyst

The I.T. Applications Security Analyst plays a critical role in fortifying the organization’s cybersecurity defenses. I.T. Applications Security Analyst is responsible for ensuring the security of the company’s data and applications.

The incumbent ensures that applications and services of the organization are secured and implemented with best security practices. I.T. Application Security Analyst provides technical leadership and guidance to the application development team and is a technical expert in the area of technical design and implementation of application security. This person will work with the IT Security Team to ensure compliance with I.T. Security policies.

KEY FUNCTIONS 

Annual Operating Strategy

• Keep abreast of the latest cybersecurity threats, trends, and adversary tactics to proactively strengthen defenses.
• Engage in ongoing research to stay ahead of potential system breaches through the adoption of innovative security measures.

Implementation of Applications Security Recommendations

• Implement recommendations made on IT Security reports that detail the findings from security monitoring, assessments, and incidents.
• Resolve email and ticketing systems security-related issues.

Application Development

• Develop back-end development of solutions inclusive of best practice security configurations of these solutions.
• Write high-level code for applications in use; includes the testing of applications through stringent routines and procedures to ensure that it complies with security policies.
• Work with project teams to determine the best mix of development and interfacing applications to meet business requirements and deliver project outcomes.

Patch Management Compliance

• Implement recommendations made by IT Security team. Ensure compliance with IT Security Policies. Provide insights and recommendations to improve patch management processes.

 Security Incident Response

• Work with IT Security team in responding to security incidents.
• Ensure system integrity and conduct thorough investigations to understand attack vectors and prevent future breaches.
• Work with Applications Analysts and Applications Developers to enhance applications security posture.

Privilege Management Compliance

• Ensure adherence to IT Security Policies regarding privilege access to applications and databases. Investigate any deviations or suspicious activities on accounts with elevated privilege access.

Application Security Controls

• Implementing software application security controls.
• Develop and maintain documentation and methods of procedures for implementing application security controls.

Vulnerability Management Compliance

• Address any application security vulnerabilities identified in reports provided by the IT Security team, prioritizing vulnerabilities based on risk.
• Analyse application services to identify issues with code and formulating plans to address those issues.

Third Party Cyber Risk Management

• Liaise with third-parties to complete cybersecurity questionnaires and audits.
• Ensure TSTT Applications that receive payments via credit card are compliant with Payment Card Industry standards.

Contract Management/ Solution Procurement

• Work with the Applications Analysts and Applications Developers and provide input to the development of or procurement of new solutions.

EDUCATION:

An undergraduate degree in Information Security, Computer Information Systems, Computer Science or a related field of study

AND

At least two (2) of the following certifications: ITIL Foundation, GIAC Certified Incident Handler (GCIH), CompTIA Network+, PHP, CompTIA Security+, Python, CompTIA CySA+, Java / JavaScript, Certified Ethical Hacker (CEH), C++, GIAC Security Essentials (GSEC), HTML5

EXPERIENCE/ TRAINING:

• A minimum of two (2) years in IT roles with a significant focus on cybersecurity tasks, security monitoring and/or security configurations in applications.
• At least two (2) years of experience specifically in designing, building and implementing applications that meet modern security standards.
• Strong working knowledge of security challenges, defense strategies, and the implications of various security measures across various computing environments.

FUNCTIONAL COMPETENCIES: 

• Cloud First Focus – Ability to adopt, implement and maintain a cloud-first approach to the overall IT solution support, design and application development in conjunction with Technology Vendors to deliver solutions that align with current and future business requirements, both internally and helping our customers make use of secure, scalable and reliable cloud solutions at a competitive price.
• Solution Design & Implementation – The specification, design, and implementation of information systems solutions (security, applications, network, database, cloud, data center etc.) to meet defined business needs either internally or commercially that are in alignment with corporate strategy, industry best practice and within constraints of cost, security, and sustainability. It spans the identification of concepts and their translation into an implementable design; planning, development, testing and the go-live of the final product or service and ensures the optimum use of current solutions, retention of compatibility with enterprise and solution architectures and avoiding solution duplication. 
• IT Service Management – The ability to manage IT solutions and resources required to plan for, develop, deliver, and support IT services and products to meet the current and future needs of the business that will strengthen the company's competitive advantage. It includes the preparation for new or changed services, management of the change process and the maintenance of standards. The identification, analysis, clarification, and communication of the context of use in which solutions will operate, and of the goals of products, systems or services. Analysis and prioritization of stakeholders’ “user experience” needs and definition of required system behaviour and performance. This includes negotiation, implementation and monitoring of service level agreements, seeking continually and proactively to improve service delivery and sustainability targets. 
• Digital Transformation – Ability to perform creative problem solving, partnering with vendors and using a variety of techniques to come up with innovative solutions using technology to assist with the defining or redefining of TSTT’s products and services. These include the management of all activities required to launch a new product, service, process or concept using digital tools and platforms including the ability to manage digital products as they move through the typical stages of their product lifecycle: Development and Introduction, Growth, Maturity/Stability, and Decline. Ability to identify, implement and utilize specific solutions that will deliver on TSTT’s digital value proposition. 
• IT Project Mgt. – The management and delivery of projects from design, development, and implementation of IT solutions to meet identified business needs using industry best practices. This includes the ability to categorize the solution into cycles to deliver a working product within time constraints using agile principles that allows teams to respond rapidly, efficiently, and effectively to changes. Ensures the delivery of features with the greatest business value first, and having the realtime information to tightly manage cost, time, scope and quality. 
• Information Security Risk Management – Working knowledge of how to safeguard the confidentiality, integrity, and availability of information and information processing facilities using defined IT security principles, controls, and best practices that are aligned with the business objectives and through security awareness.

CORE AND LEADERSHIP COMPETENCIES: 

Organisational Awareness: Contributes to the organisation by understanding and aligning actions with the organisation's goals, core functions, needs, and values. Contributes to the organisation by actively demonstrating the alignment of activities with the organisation strategies, key initiatives, core functions, needs, and values and supporting others to do the same.

Customer Focus: Prioritises and takes action on the needs of both internal and external customers. Designs and delivers products and services with the customer experience top of mind. 

Planning and Results Orientation: Invests time in upfront planning to achieve organisational goals and objectives while meeting quality standards, following the appropriate processes, and continuously assessing results. 

Creativity and Innovation: Thinks beyond the confines of traditional models to recognise opportunities and find new and better ways of doing things to be and remain an agile broadband provider. Encourages experimentation and accepts failure as a driver of innovation. 

Communication: Effectively and appropriately interacts with others to build relationships, influence others, and facilitate sharing ideas and information. Uses tact and diplomacy to navigate demanding situations. Relays key messages by creating a compelling story targeted to specific audiences. 

Strategic Leadership and Execution: Applies vision to think beyond the immediate situation and explore multiple potential paths. Invests time in planning, discovery, and reflection to drive decisions and more efficient implementation. Ensures that business goals are met by executing, monitoring, and adjusting the organizational action plan.

People Leadership: Inspires, motivates, and empowers people to achieve organizational goals. Coaches, mentors, and manages employee experience and performance through mindful preparation. Creates space for others to lead.

Managing Through Change and Uncertainty: Adjusts thinking and behaviour to resiliently face change and uses experience to fuel growth. Embraces failure as a learning opportunity for themselves and others. Enables the process of change and transition while helping others deal with the effects of change.

Relationship Building: Develops internal and external trusting, professional relationships. Purposefully develops networks to build value through collaboration.

Deadline date for applications: Thursday 28th November 2024