Job Information
Patterson Companies, Inc. Senior Security Analyst - AppSec in St Paul, Minnesota
Patterson isn't just a place to work, it's a partner that cares about your success.
One of the distinguishing marks of our company is the talented people who embrace the people-first, always advancing, and results-driven culture. Professional growth abounds in this motivating environment. We value the diverse talents and experiences our employees bring to Patterson and believe that they build a stronger and successful organization.
Senior Security Analyst leads, develops, and executes on the installation, testing, operation and maintenance of the application security hardware and software to ensure the confidential, integrity, and availability of Patterson’s Companies’ customer-facing applications, internal applications, information assets and systems. In this newly created role, you will help in the future growth of the application security program by leveraging the latest technologies, engaging directly with the application development teams, and working collaboratively across multiple business areas. Additionally, this role will take ownership and drive all aspects of security support, ensuring security and project goals are being met and proactively providing technical support and incident management.
Essential Functions
Ensure the Application Security tool’s system availability, functionality, configuration, and integration.
Review and report on core systems, SAST/DAST/SCA/API/Secrets/IaC tools.
Review outputs and provide recommendations to developers and security champions.
Log and follow up incidents, bugs, and impediments in ticketing system.
Validate pen test results and document action plans for remediation.
Perform code reviews for major releases.
Oversees the maintenance, support, and delivery of associated security platforms.
Drives continuous improvements in acting on alerts, service requests, and incidents.
Integrates best practices to proactively analyze and monitor systems and applications for system and security related issues.
Considered subject matter expert in assigned platforms and keeps up-to-date knowledge to drive improvements.
Strong mentor with the ability to work with junior team members and provides leadership and training on new tools or projects.
A dditional functions
In addition to the essential functions listed above, the incumbent may perform the following additional functions.
Ability to work cross-functionally with members of the Information Security Team to support Patterson Companies compliance initiatives and business continuity requirements.
Contribute to the development of enterprise-wide best practices for Application Security.
Create documentation of environment configuration and how each area is maintained.
Deliver up-to-date metrics for various verticals within the Application Security toolsets.
Express relevant information appropriately to individuals or groups, considering the audience and the nature of the information.
Required Qualifications
Bachelor’s Degree with an emphasis in security, technology, or engineering or equivalent work experience.
At least 4 years work experience in information technology, cyber security, or information security.
Knowledge of manual testing tools (i.e Burp Suite Pro, Fiddler, Owasp Zap, Kali, or Postman)
Knowledge of and experience with Application Security tools such as Burp Suite, Invicti Netsparker, Veracode, Checkmarx, Gitleaks, Noname, or Qualys.
Experience with the integration of tools into development pipelines
Understanding of a broad range of Application Security issues as well as their mitigation strategies
Understanding of Application Security related vulnerabilities, OWASP Top 10 and OWASP Top 10 API Security Risks
Familiar with Thick Clients, WebApps, SPA, MVC, API, Microservices.
Knowledge of security risk and capabilities in IaaS, PaaS, Saas.
Coordinate, guide and follow-up results from Pen Test as a Service.
Experience with reviewing source code written in .NET, C, C++, C#, JavaScript, Angular and related languages.
Written communication skills for written interactions with clients, vendors and upper management.
Familiarity with Cloud Solutions, CNAPP, CIEM, CSPM, Kubernetes, OAuth, or APIM.
Experience with creating overall metrics of the application security program.
Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into digestible pieces of information.
Drives continuous improvements in acting on alerts, service requests, and incidents.
Preferred Certifications
Certified Ethical Hacker – (C|EH).
GIAC Certified Web Application Defender (GWEB).
(ISC)² - CISSP.
MSFT – Certified Cloud Security Professional (CCSP).
Burp Suite Certified Practitioner – (BSCP).
What's In It For You: (http://www.pattersoncompanies.com/careers/default.aspx#section=benefits)
We provide competitive benefits, unique incentive programs and rewards for our eligible employees:
Full Medical, Dental, and Vision benefits and an integrated Wellness Program.
401(k) Match Retirement Savings Plan.
Employee Stock Purchase Plan (ESPP).
Paid Time Off (PTO).
Holiday Pay & Floating Holidays.
Volunteer Time Off (VTO).
Educational Assistance Program (Tuition Reimbursement).
Full Paid Parental and Adoption Leave.
LifeWorks (Employee Assistance Program).
Patterson Perks Program.
EEO Statement
As a people-first company, Patterson promotes a culture that embodies and celebrates diversity and inclusivity. We believe our employees’ unique experiences and differences is what strengthens us and drives our success. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status.
We are Patterson. We welcome you.
At Patterson Companies, we live our values everyday. With more than 8,000 employees worldwide, we're responsible for providing dentists, veterinarians, animal producers, and farmers with the support they need to keep us and our animals healthy.
An Equal Opportunity Employer
Patterson Companies, Inc., is an equal opportunity employer. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.