Cybersecurity Analyst

Job Description:

RESPONSIBILITIES

We are seeking a skilled security analyst to help mature our security enablement team through improving our customer experience.

  • Provide consulting services to all product teams, offering advocacy, guidance and education on code security problems by leveraging enterprise services across product lifecycles, identifying vulnerabilities and implementing secure solutions.
  • Support ISO 27001 certification preparation by guiding remediation of all software products and services.
  • Ability to compromise, work collaboratively and navigate complex decision making. 
  • Support all teams dealing with Audit, ICC Control Review and OICs as they occur.
  • Collaborate with Information Tech Operations (ITO), Enterprise Architecture, Model E and Enterprise Cyber Security organizations.
  • Work with all regular security and compliance annual activities and education plan for all teams to ensure compliance with corporate policies (Information Security Policy, Code of Conduct, etc.) to deliver + plan. 
  • Design, develop and test automation components for products and software, especially security-related ones.
  • Facilitate the identification of all known control gaps and develop control improvement plans to raise operational maturity in partnership with the Internal Controls team as part of GRC processes.
  • Partner with Cyber Defense during incident response for our teams, as required. Help define security standards around CI/CD pipelines, SAST/SCA/DAST testing processes, DevSecOps principles.

 

QUALIFICATIONS

Minimum qualifications:

  • Bachelor’s degree in Business, Cyber Security, Computer Science, or an Engineering field
  • 3+ years of software engineering/systems analyst experience
  • 3+ years’ experience in cybersecurity analysis, vulnerability management, security consulting

Nice to have qualifications:

  • Experience using one or more SAST/SCA tools like Checkmarx, FOSSA, 42Crunch or Black Duck
  • Strong working knowledge of Info Sec policy, global purchasing policies and process, GRC component assessment, controls testing, etc.
  • Strong understanding of the OWASP Top 10 security vulnerabilities and remediation techniques
  • Working knowledge of a variety of regulations, control frameworks, and requirements, such as SOX, NIST 800-53, NIST 800-171, ISO 27001
  • Working knowledge of API Security
  • Security coding experience with languages like Java, JavaScript, Python, Ruby or equivalent
  • Working knowledge of engineering concepts around key management, authorization, Cloud Security etc.
  • Experience in security operations.
  • Experience working with GCP and particularly securing GCP assets and development pipelines.
  • Experience working in incident response teams to detect, contain, investigate, and recover from security incidents.
  • Familiarity with automation test scripts, test plans and configuration of test systems.
  • Experience working with GAO and/or Internal Control
  • Strong working knowledge of architecture patterns and resources
  • Certifications are highly valued (CISSP, CISA, CISM, etc.)