Application Security Analyst

Make a Lasting Impression. Join Tapestry, the first New York-based house of modern luxury lifestyle brands. A successful career at Tapestry is built on hard work, determination and a genuine passion for what you do. At Tapestry, you are part of a global house of brands that is built around our shared values of optimism, innovation and inclusivity. We believe anyone from anywhere can have the best idea, and with creativity and perseverance, anything is possible.

Whether it be Coach, Stuart Weitzman or Kate Spade, each of our great brands around the world helps people express themselves in their own unique ways.

Primary Purpose:

The Information Security Analyst will be responsible for evaluating application environments to ensure they are being designed and deployed in compliance with InfoSec standards and industry best practices. This includes performing security assessments, conducting risk analysis, reporting security findings and recommending corrective actions for the relevant operational teams.

The successful individual will leverage their proficiency in Application Security to…

• Work with developers, architects, project leads/managers, business analysts, and others, in determining security requirements for projects and ensures that these requirements are met as part of the software development lifecycle.
• Work alongside IT partners and act as the “go to” individual for all security questions, concerns, and guidance
• Develop and present training material on security-related topics, and develop application security-related development standards and controls alongside other governance and architecture teams
• Be responsible for the administration and maintenance of industry leading security tools
• Serve as a Subject Matter Expert (SME) in the field of application security
• Conducting dynamic & Static code reviews
• Act to integrate application/software security tools within existing development processes
• Assist with the planning and execution of application penetration tests
• Identify and help resolve false positive findings in security assessment results
• Generate reports on assessment findings and help guide and track remediation tasks
• Assist with formulation and distribution of security metrics that demonstrate assessment coverage and remediation effectiveness

The accomplished individual will possess…

• Solid understanding of secure coding principles (OWASP Top 10)
• 2-4 years experience with Application Security Tools like IBM AppScan, Metaspolit, WebInspect, Burp, Veracode, Checkmarx, etc.
• Familiarity with widely used application development tools & languages (ex. .Net, JAVA, XCode, etc.)
• Strong critical thinking and problem solving skills
• Excellent written and oral communications skills
• Ability to understand business needs and commitment to delivering high-quality, prompt, and efficient service to the business

An outstanding professional will have…

• BS in Computer Science, Information Security, or a related field
• 2-4 years of past experience in information security, especially in an analyst role
• Industry Certifications such as CISSP, CISM, CISA, CEH are considered a plus
• Must be able to commute to Carlstadt, NJ

Tapestry, Inc. is an equal opportunity and affirmative action employer and we pride ourselves on hiring and developing the best people. All employment decisions (including recruitment, hiring, promotion, compensation, transfer, training, discipline and termination) are based on the applicant’s or employee’s qualifications as they relate to the requirements of the position under consideration. These decisions are made without regard to age, sex, sexual orientation, gender identity, genetic characteristics, race, color, creed, religion, ethnicity, national origin, alienage, citizenship, disability, marital status, military status, pregnancy, or any other legally-recognized protected basis prohibited by applicable law. Visit Tapestry, Inc. at http://www.tapestry.com/