RESPONSIBILITIES
We are seeking a skilled security analyst to help mature our security enablement team through improving our customer experience.
- Provide consulting services to all product teams, providing advocacy, guidance and education on code security related problems by leveraging enterprise services across product lifecycles, identifying vulnerabilities and implementing secure solutions.
- Support ISO 27001 certification preparation by guiding remediation of all software products and services.
- Ability to compromise, work collaboratively and navigate complex decision making.
- Support all teams dealing with Audit, ICC Control Review and OICs as they occur.
- Collaborate with Information Tech Operations (ITO), Enterprise Architecture, Model E and Enterprise Cyber Security organizations.
- Work with all regular security and compliance annual activities and education plan for all teams to ensure compliance with corporate policies (Information Security Policy, Code of Conduct, etc.) to deliver + plan.
- Design, develop and test automation components for products and software, especially security-related ones.
- Facilitate getting all known control gaps identified and develop control improvement plans to raise operational maturity in partnership with Internal Controls team as part of GRC processes.
- Partner with Cyber Defense during incident response for our teams, as required.
- Help define security standards around CI/CD pipelines, SAST/SCA/DAST testing processes, and DevSecOps principles.
QUALIFICATIONS
Minimum qualifications:
- Bachelor’s degree in Business, Cyber Security, Computer Science, or an Engineering field
- 3+ years of software engineering/systems analyst experience
- 3+ years’ experience in cybersecurity analysis, vulnerability management, security consulting
Nice to have qualifications:
- Experience using one or more SAST/SCA tools like Checkmarx, FOSSA, 42Crunch or Black Duck
- Strong working knowledge of Info Sec policy, global purchasing policies and process, GRC component assessment, controls testing, etc.
- Strong understanding of the OWASP Top 10 security vulnerabilities and remediation techniques
- Working knowledge of a variety of regulations, control frameworks, and requirements, such as SOX, NIST 800-53, NIST 800-171, ISO 27001
- Working knowledge of API Security
- Security coding experience with languages like Java, JavaScript, Python, Ruby or equivalent
- Working knowledge of engineering concepts around key management, authorization, Cloud Security etc.
- Experience in security operations.
- Experience working with GCP and particularly securing GCP assets and development pipelines.
- Experience working in incident response teams to detect, contain, investigate, and recover from security incidents.
- Familiarity with automation test scripts, test plans and configuration of test systems.
- Experience working with GAO and/or Internal Control
- Strong working knowledge of architecture patterns and resources
- Certifications are highly valued (CISSP, CISA, CISM, etc.)