
Job Description

Application Security Analyst - IT

P&G is transforming its Information Security organization to address the shifting cybersecurity landscape, and we want you to be a part of this exciting journey. Are you a highly skilled Application Security Analyst focused on assessing applications to verify compliance with Company policies? As an Application Security Analyst, you will be accountable for the end-to-end process within Information Security: assessing, validating, tracking, and reporting the Risk Profile by Application at Control Level while providing consultancy to your customers. You will have solid competence in security technologies and a good understanding of the business.

The qualified candidate is knowledgeable about the Secure Software Development Lifecycle and has strong technical expertise spanning different technologies to verify the correct implementation of security controls in diverse environments. This is a full-time role located in Cincinnati, Ohio.

Essential Responsibilities
You will conduct application security assessments to verify controls against corporate information security policy, and establish the security profile of applications to enable management to make risk-based decisions. You will work with the P&G Incident Response team and other internal organizations to achieve the shared vision of enhancing P&G's cyber security posture.
• Determine the risk profile of the applications by verifying application controls vs information security policy.
• Leverage and develop technical application security expertise that is required to successfully assess application controls.
• Consult with customers going through an application assessment and provide the correct interpretation of security controls to be implemented.
• Connect and leverage other resources in Information Security to ensure accurate assessment of security controls as needed.

Desired Characteristics
• Leadership – Lead the end-to-end scope of the Application Assessment process and engage with other organizations and teams in Information Security and Business. Define the success criteria and required areas of expertise in the different Application Teams for success.
• Technical Expertise – Be competent and continue developing technical mastery in the technologies and solutions that are relevant at P&G and in industry to effectively conduct security controls verification.
• Accountability – Fully accountable for the Application Risk Profile by Control Level for each of the applications assessed. Expected to work independently to ensure the sustainability of the assessment process, while engaging internally with other Security Analysts to understand challenges and ultimately improve the process, and externally with the Application Teams to gather all the required evidence.
• Pro-activeness – Lead from the front by proactively identifying opportunities and anticipating issues that need to be tackled, and define and drive the improvement plans.

Technical Competencies and Experiences
Technical certification, strong knowledge and experience in the following is highly desired:
• Preferred Certifications: CISSP, CSSLP
• Working knowledge and experience in the 8 domains defined:
o Secure Software Concepts
o Secure Software Requirements
o Secure Software Design
o Secure Software Implementation/Programming
o Secure Software Testing
o Secure Lifecycle Management
o Software Deployment, Operations, Maintenance
o Supply Chain and Software Acquisition
• ERP systems, with a preference for SAP: EarlyWatch reports and configurations
• Network: Reverse proxies, WAFs
• Identity & Access Management technologies, with a focus on their associated risks
• Cloud Computing Security: Cloud Access Security Brokers (CASB)
• Encryption: Symmetric, Asymmetric, and Hashing algorithms
• Programming Languages and OSs: Java, Python, PHP, C++, Unix, Windows, Linux, iOS, Android

• Bachelor’s degree in Information Systems, Information Technology (IT), Computer Science, Engineering, or other technical/IT field or at least 5+ years of relevant experience.
• The hired applicant must have, or be willing to obtain within 1 year, the Certified Information Systems Security Professional (CISSP) certification. Additionally, they must have, or be willing to obtain within 2 years, the Certified Secure Software Lifecycle Professional (CSSLP) certification. P&G provides study preparation and exam cost coverage.
• Must be willing to work from the Cincinnati Procter & Gamble office location.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, disability status, age, sexual orientation, gender identity and expression, marital status, citizenship, HIV/AIDS status or any other legally protected factor.
Immigration sponsorship is not available for this position. Applicants for U.S.-based positions are generally required to be eligible to work in the U.S. without the need for current or future sponsorship. Except in rare situations based on Procter & Gamble's sole discretion, Procter & Gamble does not sponsor candidates for permanent residency. Any exceptions would be based on the Company's specific business needs at the time and place of recruitment as well as the particular qualifications of the individual.
Procter & Gamble participates in e-verify as required by law.
Qualified individuals will not be disadvantaged based on being unemployed.

Job ID
IT 00001061
United States, Ohio, Cincinnati
