System Analyst

Responsibilities: 

• Identify basic common coding flaws at a high level.
• Develop secure software testing and validation procedures.
• Consult with customers about software system design and maintenance.
• Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
• Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
• Analyze security needs and software requirements to determine feasibility of design within time and cost constraints and security mandates.
• Develop a threat model based on interviews and requirements.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Consult with engineering staff to evaluate the interface between hardware and software.
• Apply coding and testing standards, apply security testing tools including "'fuzzing" static-analysis code scanning tools, and conduct code reviews.
• Perform secure program testing, review, and/or assessment to identify potential flaws in codes and mitigate vulnerabilities.
• Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
• Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.
• Determine and document software patches or the extent of releases that would leave software vulnerable.

Qualifications:

• Bachelor’s degree/Master’s degree in Management Information System, Computer Science, Computer Engineering, IT, Business Administration or related fields.
• Minimum 5 years of experience in software development.
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Good understanding of banking and financial products and processes.
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of software development models (e.g., Waterfall Model, Spiral Model).