empty

Lead Application Security Analyst

CLA (CliftonLarsonAllen)

Job Description

Posted on: 
November 12, 2024

Summary and company overview

Role Summary:

CLA is looking to hire a Lead Application Security Analyst to join our growing Internal IT team. In this position you will: Work closely with the Manager of Application Security and the Cloud Security Architect to build a holistic view of the overall security posture for the firm. The focus of the position is to lead the creation, endorsement, and utilization of technical best practice security architecture that guides the Firm through securing acquisition, building, modifying, and interfacing IT resources throughout the organization with an emphasis on cloud-based services. This role is a hands-on position who supports the Cloud Security Architect and Manager of Application Security by leading in the creation and implementation of best practice documents, security architecture drawings, providing both level 3 and 4 support, and participating and occasionally leading technical projects that span across all IT teams.

Company Overview:

CLA is a top 10 national professional services firm where our purpose is to create opportunities every day, for our clients, our people, and our communities through industry-focused wealth advisory, digital, audit, tax, consulting, and outsourcing services. Even with more than 8,500 people, 130 U.S. locations, and a global reach, we promise to know you and help you.

CLA is dedicated to building a culture that invites different beliefs and perspectives to the table, so we can truly know and help our clients, communities, and each other.

Responsibilities

  • Supporting role to the Manager of Application Security, Cloud Security Architect, Business Analysts, and Technical Leads on strategic IT projects.
  • Reviews project documentation, research and references security policy, renders recommendations and guidance, approves or rejects project artifacts from a security perspective, and performs other tasks in the pursuit of securing systems, processes, and software applications.
  • Interface with IT peers, IT Leadership and Business Relationship Managers to understand, design, and improve cybersecurity, as it relates to IT security and various CLA Service Lines.
  • Communicate effectively to target audiences across both the business and technical stakeholders to ensure consistent messaging. Guide project managers in the creation and documentation of project requirements while ensuring the secure design principles are met.
  • Work with the CLA technical teams to forecast and roadmap technologies, developing strategic plans from which security standards can be established and enforced. Assess requirements and translate them into secure system guidelines and high-level technical requirements.
  • Guide and counsel technical teams, with guidance from the Manager of Application Security and Cloud Security Architect, in performing implementation activities, and review implementation outcomes, to ensure secure design compliance.
  • Drive policies and procedures through involvement in the Firm's Software Development Life Cycle (SDLC) process and ensure all applications and services are built and sustained with security and compliance by design. Validate controls for Encryption, Access Control, Web Application Vulnerability Detection, OWASP top 10 and other common web application security parameters.
  • Provides peer review of technology initiatives. Creates documentation around security initiatives as required. Provides smallest project management services, including the facilitation of web application penetration tests with outside vendors. Facilitates developer security champion program with support from Cloud Security Architect and Manager of Application Security.

Job Requirements

Required Qualifications:

  • 7 years of general IT experience required, 4 of which are with security of IT systems, and 2 of which are with security design/strategy.
  • 3 years of modern application development experience required, including exposure and familiarity with CI/CD practices, and versioning methodologies leveraging Git fundamentals (ADO, GitHub).
  • Bachelor's degree is required. Combination of relevant experience, education, and training may be accepted in lieu of degree.

Preferred Qualifications:

  • 4 years' experience preferred in secure coding tools, including SAST/SCA/DAST.

Additional commentary

  • Our Perks:
  • Flexible PTO (designed to offer flexible time away for you!)
  • Up to 12 weeks paid parental leave
  • Paid Volunteer Time Off
  • Mental health coverage
  • Quarterly Wellness stipend
  • Fertility benefits
  • Equal Opportunity Employer:
  • Equal Opportunity Employer /AA Employer/Minorities/Women/Protected Veterans/Individuals with Disabilities.
  • Click here to learn about your hiring rights.
  • Wellness at CLA:
  • To support our CLA family members, we focus on their physical, financial, social, and emotional well-being and offer comprehensive benefit options that include health, dental, vision, 401k and much more.
  • To view a complete list of benefits click here.

Summary and company overview

Role Summary:

CLA is looking to hire a Lead Application Security Analyst to join our growing Internal IT team. In this position you will: Work closely with the Manager of Application Security and the Cloud Security Architect to build a holistic view of the overall security posture for the firm. The focus of the position is to lead the creation, endorsement, and utilization of technical best practice security architecture that guides the Firm through securing acquisition, building, modifying, and interfacing IT resources throughout the organization with an emphasis on cloud-based services. This role is a hands-on position who supports the Cloud Security Architect and Manager of Application Security by leading in the creation and implementation of best practice documents, security architecture drawings, providing both level 3 and 4 support, and participating and occasionally leading technical projects that span across all IT teams.

Company Overview:

CLA is a top 10 national professional services firm where our purpose is to create opportunities every day, for our clients, our people, and our communities through industry-focused wealth advisory, digital, audit, tax, consulting, and outsourcing services. Even with more than 8,500 people, 130 U.S. locations, and a global reach, we promise to know you and help you.

CLA is dedicated to building a culture that invites different beliefs and perspectives to the table, so we can truly know and help our clients, communities, and each other.

Apply now