Lead Application Security Analyst - Clifton Larson Allen LLP
Minneapolis, MN
About the Job
CLA is a top 10 national professional services firm where our purpose is to create opportunities every day, for our clients, our people, and our communities through industry-focused wealth advisory, digital, audit, tax, consulting, and outsourcing services. Even with more than 8,500 people, 130 U.S. locations, and a global reach, we promise to know you and help you. CLA is dedicated to building a culture that invites different beliefs and perspectives to the table, so we can truly know and help our clients, communities, and each other.

CLA is looking to hire a Lead Application Security Analyst to join our growing Internal IT team.

In this position you will:

Work closely with the Manager of Application Security and the Cloud Security Architect to build a holistic view of the overall security posture for the firm. The focus of the position is to lead the creation, endorsement, and utilization of technical best practice security architecture that guides the Firm through securing acquisition, building, modifying, and interfacing IT resources throughout the organization with an emphasis on cloud-based services. This role is a hands-on position that supports the Cloud Security Architect and Manager of Application Security by leading the creation and implementation of best practice documents and security architecture drawings, providing both level 3 and 4 support, and participating in and occasionally leading technical projects that span all IT teams.

How you'll create opportunities in this Senior Application Security Analyst role:

Business Solutions

Supporting role to the Manager of Application Security, Cloud Security Architect, Business Analysts, and Technical Leads on strategic IT projects. Reviews project documentation, researches and references security policy, renders recommendations and guidance, approves or rejects project artifacts from a security perspective, and performs other tasks in the pursuit of securing systems, processes, and software applications.
This role will often interface with IT peers, IT Leadership and Business Relationship Managers to understand, design, and improve cybersecurity, as it relates to IT security and various CLA Service Lines. Communicates effectively to target audiences across both business and technical stakeholders to ensure consistent messaging. Guides the project managers in the creation and documentation of project requirements while ensuring the secure design principles are met. Works with the CLA technical teams to forecast and roadmap technologies, developing strategic plans from which security standards can be established and enforced. Assesses requirements and translates them into secure system guidelines and high-level technical requirements.

Technical Team Initiatives

Guides and counsels technical teams, with guidance from the Manager of Application Security and Cloud Security Architect, in performing implementation activities, and reviews implementation outcomes to ensure secure design compliance. Drives policies and procedures through involvement in the Firm's Software Development Life Cycle (SDLC) process and ensures all applications and services are built and sustained with security and compliance by design. Other responsibilities include validating controls for Encryption, Access Control, Web Application Vulnerability Detection, OWASP Top 10 and other common web application security parameters. Provides peer review of technology initiatives. Creates documentation around security initiatives as required. Provides small scale project management services, including the facilitation of web application penetration tests with outside vendors. Facilitates developer security champion program with support from Cloud Security Architect and Manager of Application Security.

What you will need:

* 7 years of general IT experience required, 4 of which are with security of IT systems, and 2 of which are with security design/strategy.
* 3 years of modern application development experience required, including exposure and familiarity with CI/CD practices, and versioning methodologies leveraging Git fundamentals (ADO, GitHub).
* 4 years' experience preferred in secure coding tools, including SAST/SCA/DAST.
* Bachelor's degree is required. Combination of relevant experience, education, and training may be accepted in lieu of degree.

Our Perks:

* Flexible PTO (designed to offer flexible time away for you!)
* Up to 12 weeks paid parental leave
* Paid Volunteer Time Off
* Mental health coverage
* Quarterly Wellness stipend
* Fertility benefits

Equal Opportunity Employer/AA Employer/Minorities/Women/Protected Veterans/Individuals with Disabilities.

Wellness at CLA

To support our CLA family members, we focus on their physical, financial, social, and emotional well-being and offer comprehensive benefit options that include health, dental, vision, 401k and much more.

CLA is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, disability status, protected veteran status, national origin, or any other characteristic protected by law. EOE/AA Employer/Vets/Disability
Source : Clifton Larson Allen LLP