RESPONSIBILITIES

We are seeking a skilled security analyst to help mature our security enablement team through improving our customer experience.

• Provide consulting services to all product teams, providing advocacy, guidance and education on code security related problems by leveraging enterprise services across product lifecycles, identifying vulnerabilities and implementing secure solutions. 
• Support ISO 27001 certification preparation with guiding remediation of all software products and services.
• Ability to compromise, work collaboratively and navigate complex decision making. 
• Support all teams dealing with Audit, ICC Control Review and OICs as the occur.
• Collaborate Information Tech Operations (ITO), Enterprise Architecture, Model E and Enterprise Cyber Security organizations.
• Work with all regular security and compliance annual activities and education plan for all teams to ensure compliance with corporate policies (Information Security Policy, Code of Conduct, etc.) to deliver + plan. 
• Design, develop and test automation components for product and software especially security related.     
• Facilitate getting all known control gaps identified and develop control improvement plans to raise operational maturity in partnership with Internal Controls team as part of GRC processes.
• Partner with Cyber Defense during incident response for our teams, as required. Help define security standards around CI/CD pipelines, SAST/SCA/DAST testing processes, DevSecOps principles.

QUALIFICATIONS

Minimum qualifications:

• Bachelor’s degree in business, Cyber Security, Computer Science, or Engineering field
• 3+ years of software engineering/systems analyst.
• 3+ years’ experience in cybersecurity analysis, vulnerability management, security consulting

Nice to have qualifications:

• Experience using 1 or more SAST/SCA tools like CheckMarx, FOSSA, 42Crunch or BlackDuck
• Strong working knowledge of Info Sec policy, global purchasing policies and process, GRC component assessment, controls testing, etc.
• Strong understanding of the OWASP Top 10 security vulnerabilities and remediation techniques
• Working knowledge of a variety of regulations, control frameworks, and requirements, such as SOX, NIST 800-53, NIST 800-171, ISO 27001
• Working knowledge of API Security
• Security coding experience with languages like Java, Java Script, Python, Ruby or equivalent
• Working knowledge of engineering concepts around key management, authorization, Cloud Security etc.
• Experience in security operations.
• Experience working with GCP and particularly securing GCP assets and development pipelines.
• Experience working in incident Response teams to detect, contain, investigate, and recover from security incidents.
• Familiarity with automation test scripts, test plans and configuration of test systems.
• Experience working with GAO and/or Internal Control
• Strong working knowledge of architecture patterns and resources
• Certifications are highly valued (CISSP, CISA, CISM, etc.)