The Lead Application Security Analyst position is responsible for assisting application development teams in automating security testing and practicing proactive security controls during the design and development phases. This enables a collaborative environment focusing on adhering to documented application security standards. This role serves as a crucial liaison between application development and security teams.

Strategy & Planning
Acquire and interpret business requirements and functional specifications to recommend security requirements.
Maintain knowledge of best security practices through training, research, and involvement with local IT security groups.
Identify opportunities for improvement by applying automation and integration techniques to reduce slack time in processes.
Work with development and QA teams to ensure the use of secure coding practices and verification methods.
Work with DevOps teams and engineers to integrate security solutions into continuous delivery frameworks.
Mitigate security risks associated with projects that have a high technical complexity and/or involve significant challenges to the business.
Work with risk, application management, and vulnerability management teams to maintain a risk remediation process and security posture dashboard.

Acquisition & Deployment
Work with architects and developers to design optimal security practices when developing new application functionality.

Operational Management
Provide advanced troubleshooting support for critical web application problems and issues.
Support and maintain application automation and integration with security devices and software.
Work with the team to update application security standards on an annual basis.
Ensure that all applications are using effective security monitoring, and work with the endpoint security team to test configurations.

Incidental Functions
Decide on new technologies, including tools, components, and frameworks.
Mentor and coach team members and/or Professional Apprentices.
Perform project and task management and reporting as necessary.
Make presentations to management, clients, and peer groups as requested.

This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa.
This position is eligible to work in the office three days a week and has the option to work remotely two days a week.

Formal Education & Certification
Bachelor's degree or foreign equivalent in related field or equivalent experience.
GIAC GSSP-Java, GIAC GSSP-NET, CISSP certifications are a plus.

Knowledge & Experience
8+ years of IT experience
5+ years of coding or application security experience
Knowledge of automation tools like GitHub Actions, Ansible, Puppet, or Terraform
Knowledge of OAuth 2.0 and SAML frameworks
Previous experience working with managed services partner
Understanding of all phases of the Software Development Lifecycle.

Preferred Experience
1+ years of experience configuring API gateways and securing APIs
3+ years of IT security experience
Familiar with Web Services and SOA (Service Oriented Architecture)
Understanding of web application firewall technology
Mentoring security professionals

Minimal travel is required.
Work outside the standard office 7.5 hour workday may be required.

Sherwin-Williams is proud to be an Affirmative Action, Equal Employment Opportunity, Inclusion and Diversity Supportive Employer. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.

VEVRAA Federal Contr