Cybersecurity Analyst ( AppSec )

Discover. A brighter future.
With us, you'll do meaningful work from Day 1. Our collaborative culture is built on three core behaviors: We Play to Win, We Get Better Every Day & We Succeed Together. And we mean it - we want you to grow and make a difference at one of the world's leading digital banking and payments companies. We value what makes you unique so that you have an opportunity to shine.
Come build your future, while being the reason millions of people find a brighter financial future with Discover.
Job Description:
What You'll Do
The Application Security teams at DFS provides services and products for securing the software and product footprint used to run the business. As DFS business and engineering workforce has grown, our software footprint has also grown and become more heterogeneous, thus warranting next gen DevSecOps and Application security program implementation with focus on risk and compliance and app dev experience.
Reporting into the Head of Product Security the Cybersecurity Analyst will be a key team member of fast-paced Application security analysis team. This role will be executing threat models, meetings with various cross-functional teams to understand their objectives and limitations, making recommendations on how to build securely, and help drive collaboration from internal application development and product teams to disposition the vulnerabilities, risk and non-compliance to security requirements.
This role requires high levels of application security technical acumen, collaboration and oversight, including the effective challenge of remediation action plans, documentation of control gaps (e.g., Security Exceptions, Issues and Actions), and the ability to work within a team while maintaining independence and ownership of your work. If you are still reading this and intrigued, you could be the right candidate for the role. Please see additional details below and apply today.
How You'll Do It

• Threat model applications, systems, and platforms with a focus on security best practices and data protection requirements
• Manages and executes cybersecurity risk assessments using qualitative and quantitative methodologies to support the organization's overall security posture.
• Partner with Product Owners to evaluate current security posture and drive future security control implementations based on gaps found during the cybersecurity risk assessment.
• Utilizes ServiceNow and Cyber Risk System for risk management and risk remediation, processing potential security exceptions and/or risk acceptances against established security policies and standards.
• Identify areas for potential attacks and systemic security issues as they relate to threats and vulnerabilities, including recommendations for enhancements or remediation
• Participate in design sessions for proposed system solutions
• Engage application teams through an intake process to identify purpose of their system, components that comprise the system, identify threats and recommend security requirements.
• Prepare and deliver written and verbal briefings to message threat modeling findings across all levels of the enterprise.
• Works independently to scope vulnerable bodies of technologies, identify weaknesses, severity and impact, and recommend paths to remediation
• Learns advanced Cybersecurity concepts including new and modern threat exploitation techniques of internal and external bad actors
• Achieves team commitments (and influence others to do the same) by using informal leadership & highly developed communication skills
• Delivers metrics and performance reporting to enhance real-time risk decisions and initiative prioritization.
• Collaborates with cross-functional resources to drive progress toward cyber initiatives or risk remediation deliverables.
• Coordinates all exam management requests with program owners.
• Collects, reviews, and uploads all artifacts submitted as evidence in advance of requested dates.
• Assists in compiling management corrective action plans for risk item closure.
• Performs due diligence and validation on identified risk findings.

Minimum Qualifications
At a minimum, here's what we need from you:

• A Bachelors Degree in Information Security, Information Technology, Analytics, Business Administration and Management, Project Management or related
• 4+ years of experience in Information Security, Information Technology, Business, Analytics, Project Management or related.
• In Lieu of Education Experience- 6+ years of experience in Information Security, Information Technology, Business, Analytics or related

Internal applicants only: technical proficiency rating of Competent on the Cybersecurity Dreyfus engineering scale.
Physical and Cognitive Requirements
The physical requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable a qualified individual with disabilities to perform the essential functions of the position as required by federal, state, and local laws:
Primarily remain in a stationary position.
Primarily performed indoors in an office setting.
Ability to operate office equipment such as but not limited to computer, telephone, printer, and calculator.
Ability to communicate verbally.; Ability to communicate in written form.
Bonus Points If You Have

• Experience with ThreatModeler
• CISSP
• GIAC

External applicants will be required to perform a technical interview.
Discover will not sponsor or transfer employment work visas for this position. Applicants must be currently authorized to work in the United States on a full-time basis.
Application Deadline:
The application window for this position is anticipated to close on Apr-15-2025. We encourage you to apply as soon as possible. The posting may be available past this date, but it is not guaranteed.
Compensation:
The base pay for this position generally ranges between $91,000.00 to $153,400.00. Additional incentives may be provided as part of a market competitive total compensation package. Factors, such as but not limited to, geographical location, relevant experience, education, and skill level may impact the pay for this position.
Benefits:
We also offer a range of benefits and programs based on eligibility. These benefits include:

• Paid Parental Leave
• Paid Time Off
• 401(k) Plan
• Medical, Dental, Vision, & Health Savings Account
• Short and Long Term Disability, Life, and Accidental Death & Dismemberment insurances
• Recognition Program
• Education Assistance
• Commuter Benefits
• Family Support Programs
• Employee Stock Purchase Plan

Learn more at mydiscoverbenefits.com .
What are you waiting for? Apply today!
All Discover employees place our customers at the very center of our work. To deliver on our promises to our customers, each of us contribute every day to a culture that values compliance and risk management.
Discover is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or other legally protected status. (Know Your Rights)
Discover complies with federal, state, and local laws applicable to qualified individuals with disabilities and is committed to providing reasonable accommodations. If you require a reasonable accommodation to search for a position, to complete an application, and/or to participate in an interview, please email [email protected] . Any information you provide regarding your accommodation needs will be kept confidential and will only be used to determine and provide necessary accommodation.
At Discover, we are committed to creating an inclusive and equitable workplace through our Fair Chance Hiring practices. Fair Chance Hiring means that we base our hiring decisions on an applicant's qualifications rather than their criminal record. All our positions are subject to Section 19 of the Federal Deposit Insurance Act. Our applicants go through a background check, and we follow all applicable local laws, including the Los Angeles County Fair Chance Hiring Ordinance ( LA County Fair Chance ).
Positions marked as remote eligible are limited to remote locations within the country in which the position is based.
Applicants must be 18 or older at the time of hire.