Sr Analyst – Application Security

Full Time
Bengaluru
Posted 3 days ago

Job Overview: 
The Application Security Analyst is a foundational member of the new Application Security team at Cardinal Health. This analyst blends their software development experience and education with a desire to shift Information Security earlier in software development lifecycles (SDLCs) to serve Cardinal Health’s best interests, balancing security with software delivery.
Responsibilities include the following:
• Support the implementation and configuration of application security tools
• Partnering with application teams to assist with remediation of security gaps
• Assist in monitoring organizational compliance with Application Security standards
• Support the evaluation of new technologies and programming practices to facilitate application team secure adoption across the enterprise
• Support ingesting application logs into SIEM and application monitoring and alerting systems to help build detections indicating possible application attacks and resiliency issues
• Assisting the Incident Response team on application security investigations, where needed
• Collaborating across Information Security to advocate for Application Security
• Building custom tooling when none exists to enable software teams to embed security into their processes
• Executing on the Application Security roadmap with the guidance of senior technical leaders
Qualifications:

Required Qualifications
• Proven experience with one or more of the following development languages/platforms: Java, JavaScript, .NET/C#, Python, PHP/Laravel or CodeIgniter
• 2-5 years of relevant experience

Preferred Qualifications
• Familiarity with Application Security concepts
• Understanding of or previous experience in one or more of the following preferred:
  o SDLC and DevSecOps concepts such as CI/CD pipelines
  o Agile development concepts and methods such as Scrum or Kanban
  o Container concepts and technologies, including Docker and Kubernetes
  o OWASP Top 10
  o Static or dynamic code scanning and subsequent remediations
  o Common application security controls, including WAF
  o Common patterns for AuthN and AuthZ
  o Experience understanding the SCA/SAST/DAST scanning process
  o Experience understanding scan results and sharing them, in a tool-agnostic way, with the application teams
  o Experience creating dashboards and guiding the application teams through the remediation process
  o Experience with Veracode is a plus
  o API Security knowledge
• One or more Information Security certifications preferred: CISSP, CSSLP, CISM, CCSP, GSLC, GSEC, CISA

Job Features

Job Category: IT
