As a Security Analyst Professional, you will be responsible for conducting cyber security plans, controls, processes, standards, policies, and procedures. You will identify security risks, determine the causes of security violations, and suggest procedures to halt future incidents and improve security. You will evaluate hardware, firmware, and software present on systems for impact on system security and potentially investigate root causes for security incidents. You will report cyber security key performance indicators regarding security posture and support cyber security risk assessments / compliance audits.
This role will provide YOU the opportunity to lead key activities to progress YOUR career. The responsibilities include the following:
· Analyze current security threats & vulnerabilities and prioritize remediation efforts.
· Continuously improve the customer’s security posture by engaging business teams in the remediation process for vulnerabilities.
· Regularly communicate with Business teams to focus on the priority security efforts.
· Develop and implement security processes with a companywide impact.
· Coordinate with key stakeholders to present requirements and drive project or initiative engagement from a security perspective.
· Work with business representatives to identify product/service requirements
· Work with key stakeholders to stage and scope testing and govern the remediation lifecycle of identified findings
· Provide inputs to patch management & provisioning processes to identify opportunities for enhancements regarding shortening remediation cycles.
· Provide input and expertise to Project teams regarding security remediation focus and priority when establishing new systems.
· Support security efforts for supported products & services which fulfill customer, regulatory, and company requirements.
· Participate in the automation of the analytical environment regarding security posture management.
· Identify technical bottlenecks and resolve performance and reliability issues.
· Track remediation progress to key performance indicators.
· Maintain expertise on evolving product/service capabilities
· Experience in Application Security Testing, Vulnerability Assessment and Penetration Testing with a thorough understanding of web application vulnerabilities and their mitigation. Expertise in identifying false positives and providing mitigation solutions to the development team.
· Experience with different DAST tools like WebInspect, Acunetix, Burp Suite etc. Familiarity with OWASP, SANS, CERT, WASC standards/frameworks.
· Experience with automation in an Agile environment. Should automate the test suite of mobile test cases. Help the team set up robust mobile test environments.
· Hands-on experience with and knowledge of security tools for manual Penetration Testing techniques is required, in addition to automated tools and frameworks.
· Strong hands-on experience in Secure Code Review practice and projects with exposure to SAST tools & manual capabilities for code review.
· Experience in Cloud Security (Azure Security Center, AWS Security Hub) or any experience handling any other cloud-based solutions. Experience with one or more continuous integration tools, e.g. Jenkins, Bamboo. Performing DevOps tool integration and configuration for SecDevOps.
· Experience working with stakeholders and engaging them in getting the vulnerabilities remediated. Lead the vulnerability identification and remediation process across multiple stakeholders.
Must have requirements
· Bachelor’s degree in Computer Engineering or related fields (consult manager on related fields)
· 1-2 years’ experience in security process development -or- 1-2 years' experience in Data Analytics in Technology
Nice to have/preferred requirements
· Experience working with Axonius
· Experience with technical writing
· Knowledge of penetration testing methodologies
· Knowledge of risk management and governance
· Knowledge of how to troubleshoot software issues
· Knowledge of threat attack vectors and security controls
· Knowledge of software quality assurance techniques
· Knowledge of Regulated & Controlled Systems
· Knowledge of Power BI analytical tools