Our Security Team is expanding and is seeking an additional Security Analyst that will be instrumental in the decision-making process in relation to the companies' security framework and tools structure. The chosen candidate will be expected to handle daily security related tasks, as well as providing research and guidance to security related projects the Security Team is involved in. This position will allow the candidate freedom to seek out additional projects that will improve the current security posture of the company, as well as future-proofing the company of security threats on the horizon.
Key Job Responsibilities:
- Design, develop, integrate, and update system security solutions that provide confidentiality, integrity, availability, authentication, and non-repudiation.
- Coordinate with systems architects and developers to provide guidance in the development and integration of secure design solutions.
- Understand and follow secure coding practices.
- Research and evaluate available technologies and standards to meet requirements, work with vendors, procurement and the architecture team to standardize on product selections.
- Ensure security is built into tools used by operations groups (security, network, DevOps, general user).
- Act as system owner for security technologies and ensure they remain properly maintained.
- Assess threats to and vulnerabilities of computer system(s) to assist the Risk and Compliance team in developing a security risk remediation plan
- Validate IT solutions collaboratively with infrastructure and application development project teams, ensuring that corporate security policy, standards and industry best practices are met.
- Coordinate with IT Operations team for the production readiness of security infrastructure solutions supporting mission-critical production environments and applications.
- Stay current with developing technologies, emerging threat landscape and predict the impact of changing technologies.
- Bachelor’s degree in a Computer Science related field or 4 years of equivalent education, training and experience.
- Understanding of IT risk and vulnerability mitigation.
- Familiarity with technology in the following areas: Cryptography, Linux, DBMS, Networking components, IDS/IPS, Servers, AD, Cloud, Automated/Application Controls, Access Controls, Firewalls, Physical Security, and Security Architecture/Design.
- Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives
- Able to manage multiple priorities – projects, deliverables, and stakeholders
- Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives
- Strong analytical, documentation and communication skills, which will translate into the ability to interface effectively with all levels of employees and management within the company.
- One or more of these preferred security certifications: CISSP, CISA, CISM, CRISC, OSCP, or GXPEN.
- Risk/ threat analysis, technical security assessment, controls mitigation and issues remediation experience.
- Overall knowledge of application development and Open Web Application Security Project (OWASP)
- Knowledge of forensics, network analysis, log analysis, systems hardening, encryption technologies, certificates, mobile and web application security.
- Understand modern encryption technology/techniques while also being able to implement them in a real world situation.
- Knowledge of cloud deployments and associated security risks is required, an understanding of IaaS and SaaS based risks and mitigating security control solutions is essential.
- Python and/or Java programming experience.
- Experience with the following information security governance and compliance efforts (ISO 27001, PCI-DSS, SSAE16/SOC, NIST 800-53, GDPR and HIPAA.
This is an exciting opportunity to work with a highly innovative and creative team, in a great working environment using the latest technologies, methodologies, and frameworks. A competitive salary and benefits package will be offered to the right candidate.