Do you have a passion for security?  American National is seeking an Application Security Analyst!  In this role, you would apply security testing techniques to external facing web applications.  As part of a team, you would create, administer, and maintain a reporting strategy for the overall application security test coverage along with vulnerabilities, ensure execution of static and dynamic application security testing for a defined list of applications tests, create testing strategies to make sure they align with current security standards, and act as the project security testing lead when needed.

What Will You Do?

• Develop, execute, and maintain security test plans, scenarios, test cases, and test scripts for SAST (Static Application Security Testing)
• Develop knowledge in Automation tools for security testing (DAST)
• Execute and analyze security scans using appropriate scanning tools and report the findings of the outcome of the security test
• Validate and analyze the results of application security testing and verify the resolution before it is released to production
• Further develop and execute security testing techniques for Mobile and Web applications around the top 10 OWASP security testing vulnerabilities
• Identifies security errors, defects, security vulnerabilities and unexpected results prior to implementation
• Provides reports, metrics, and delivers information to application security lead and other areas when needed
• Document security findings in testing and collaborate with the development teams on security resolutions properly or best practices for applications
• Collaborates with the Senior Application Security Analyst and/or Lead Application Security Analyst to support development of standards for Static and Dynamic application security testing
• Work with intermediate and senior application security testing team members to identify areas  where application security testing is lacking and work to improve security testing coverage
• Collaborate with other teams’ security issues and recommend solutions or best practices for applications
• Review penetration test results with other teams to inform them of security concerns and findings and verify the adjustments made by the development team

Required Skills:
Our team is open to finding the best fit for this role and we are flexible on what level you might be!

If you have recently graduated with a computer science degree or an emphasis on cyber security, we would expect you to show a passion for application security and have an interest in web applications researching risks, vulnerabilities, and threats in the application or the execution of the application. You should be familiar with different operating systems and exposed to different programming languages along with HTML, SQL, and scripting processes. You should have the ability to communicate and coordinate with the development team to resolve findings and exhibit strong written communication to create processes and procedures for application security test plans.  An interest in exploring manual testing and ethical hacking for an assortment of applications is also ideal.

If you have 2 to 6 years’ experience in Applications Security Testing with experience in manual web application security testing with the understanding of the OWASP security testing guidelines, we would expect you to show a passion for application security and the exposure of automation security testing at the application source code level and the execution of the web application (SAST/DAST).  You should have an understanding of different programming languages along with experience in SQL and scripting applications for security testing.  Experience in OWASP Guidelines and CWE should enable you to apply those to the ethical hacking of web and mobile applications.  You should have the ability to review security reporting for vulnerabilities, risks, and threats and communicate those needs to the development team and review security needs and guidelines with the development teams.

The following skills are helpful, but will also be gained over time in the role:

• Knowledge of ethical hacking standards and apply them to web and mobile applications.
• Demonstrated understanding of confidentiality, integrity, and prioritization strategy. 
• C-WAST: Certification or ISTQB Security Testing Certification

Employees (and their families) are covered by medical, dental, vision, and basic life insurance. Employees are able to enroll in our company’s 401k plan. Employees also receive annually a bank of paid time off and paid holidays.   We aspire to see people for what they bring to our corporate culture by supporting an inclusive work environment, including an emphasis on a healthy work-life balance, development opportunities, and a casual dress code.

American National is an established, stable, and successful multi-line insurance corporation that has provided financial strength and a sense of security to employees, customers and business partners since 1905.  With focus on our organization’s values and cultural richness: Financial Strength, Integrity, Respect, Service and Teamwork (FIRST) and Agility, Collaboration, and Engagement (ACE) we continue to pursue our vision to be a leading provider of financial products and services for current and future generations.

Hiring Practices

The preceding job posting was designed to indicate the general nature and level of work performed by employees assigned to this position. It is not intended to be interpreted as a comprehensive list of all duties, responsibilities, and qualifications.  We are dedicated to building a diverse, inclusive, and authentic workplace, so if you’re excited about this role, but your past experience doesn’t align perfectly with the job qualifications, we still encourage you to apply. You may be just the right candidate for this position or other opportunities at American National.

American National’s recruitment policies help us place individuals in a timely and efficient manner. Only the most qualified candidates will be contacted by our recruiting team. Candidates may check the status of their application(s) by logging into our Career Portal.  Learn more about our company, by following us on social media: LinkedIn, Facebook, Instagram

American National is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, genetic information or any other legally protected categories. American National is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities.