Job Description
In this role you will provide advanced, hands-on representation of the cybersecurity defense team. We hope you possess a solid understanding of information security and should have held positions in cybersecurity and systems administration. You'll also require an understanding of business and governance processes. You should understand that legacy and present-day systems and applications may have weaknesses that can be exploited by external threat actors and potentially lead to a breach. In this position you'll collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the security team strategy. You will be responsible for short- as well as long-term plans to identify and reduce the attack surface across applications and systems. Use of automated tools to identify, assess and report is expected, with emphasis placed on effective communication to constituents relying on applications and systems that support their business.
Work as a team to consistently learn and share advanced skills and foster team excellence. Familiarity with application architecture design, web application security, mobile application security, API and micro service security, network/infrastructure security, source code scanning and vulnerability assessment. Understand application's architecture, identifying potential attack vectors, and devising strategies to mitigate these threats. Conduct code reviews to identify potential security vulnerabilities and advise on remediation strategies. Create secure coding practices guidelines that developers follow to avoid vulnerabilities and security flaws in their code. Responsible for integrating security tools and processes into the DevOps pipeline. This involves automating security checks and scans to identify and fix vulnerabilities early in the development process. Document, prioritize and formally report application security flaws, along with remediation recommendations and validation. Collaborate with developers and operations teams to endure security is integrated at every stage of software development lifecycle (SDLC). Collaborate with security groups such as red teams, threat intelligence and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface. Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of misconfiguration, compromise or information leakage. Communicate security findings in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging. Support internal and external auditors in their duties that focus on compliance and risk reduction. Procure and maintain tools and scripts used in static and dynamic code scanning. Periodically attend and participate in change management policy discussions and meetings. Define key performance indicators (KPIs) and metrics across business units to illustrate effectiveness of application security program. Understand breach and attack simulation solutions for known vulnerabilities and work with the team to validate controls effectiveness. Perform other duties as assigned.
To succeed in this role, you'll need:
Bachelor's degree in Information Security, Information Systems, Computer Science, or equivalent work experience. At least 3-5 years' experience in application security, threat modeling, or vulnerability management. Proficient in multiple programming languages and understand the intricacies and potential security flaws inherent in different languages. Proficiency with security tools and technologies include static analysis tools, dynamic analysis tools, and penetration testing tools. Knowledge of one or more compliance standards, including Payment Card Industry (PCI), Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards (NIST) or International Standards Organization (ISO). Capable of scripting in Python, Bash, Perl or PowerShell. Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle.
Certification Preferences:
Preferably, one or more of the following: GWEB, CSSLP, GPEN, or CRISC.
Additional skills and abilities we're seeking:
Strong interpersonal skills. Quality written, oral, and presentation skills to communicate business risk and remediation requirements from assessments. Analytical and problem-solving mindset with an attention to detail. Ability to function with supervision from other analysts. Commitment to operational excellence and continuous process improvement. Willingness to expand security knowledge, skills, and abilities to achieve department initiatives. Self-starter requiring minimal supervision. Highly organized and efficient. Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.
To perform the job successfully, an individual should demonstrate the following competencies:
Problem Solving - Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully; Develops alternative solutions. Technical Skills - Pursues training and development opportunities; Strives to continuously build knowledge and skills; Shares expertise with others. Quality Management - Looks for ways to improve and promote quality; Demonstrates accuracy and thoroughness. Organizational Support - Follows policies and procedures; Completes administrative tasks correctly and on time; Supports organization's goals and values; Benefits organization through outside activities; Supports affirmative action and respects diversity. Quality - Demonstrates accuracy and thoroughness; Looks for ways to improve and promote quality; Applies feedback to improve performance; Monitors own work to ensure quality. Adaptability - Changes the approach or method to best fit the situation.
The work environment characteristics described here maybe encountered while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Moderate noise (i.e., business office with computers, phone, and printers, light traffic). Ability to work in a confined area. Ability to sit at a computer terminal for an extended period. Occasional stooping or kneeling may be necessary. While performing the duties of this job, the employee is regularly required to stand, sit, talk, hear and use hands and fingers to operate a computer keyboard and telephone. Specific vision abilities are required by this job due to computer work. Light to moderate lifting is required. Occasional travel is required.
#LI-JC1
|