Job Description

Security Analyst Resources plan, implement, upgrade, or monitor security measures for the protection of systems, networks, and information; ensures appropriate security controls are in place to safeguard digital files and vital IT infrastructure; and responds to computer security incidents and breaches. Security Analyst Resources do not access Federal Tax Information.

Requirements

Basic Qualifications (Mandatory):

• A Bachelor’s degree in Computer Science, Information Systems, Engineering, Cybersecurity or a related field.
• At least 10 years of Information Security experience in specialized roles such as penetration testing, application development, application security testing.
• 7-10 years in software development or IT security related fields.
• 3-5 years of experience as a Cloud Security architect or related position.
• Formal education in Computer Science, Information Systems, Engineering, Cybersecurity or a related field can be substituted for the following years of experience:
• Master’s degree: 1 year
• Strong understanding of cloud computing technologies including, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
• Proficient in designing security controls, security tools needs/assessment and technology services.
• Experience working with containerized and micro architecture platform as per the industry best practices.
• Excellent understanding of securing Software Development Life Cycle (SDLC), architecture design and IT operations, and integrating application security into CI/CD pipeline.
• Experience working with threat modeling frameworks (e.g., STRIDE, MITRE ATT&CK, etc.).
• Experience with common vulnerability management process including scanning, analyzing, reporting, remediation planning and tracking.
• Experience working with application security testing tools such as dynamic application security testing, static application security testing, mobile application security testing, source code analysis, vulnerability management.
• Experience with common networking tools (e.g., Wireshark, tcpdump, netcat).
• Experience with security incident or breach investigation and development of strategies to respond to and recover from an incident or breach.
• Familiar with application vulnerability/security frameworks and standards such as OWASP, SANS, CVE, CWS, CVSS, etc.

Preferred Qualifications (Desired):

• Experience in a Health Exchange or its partners would be a plus.
• CompTia Security+, CISSP or other industry recognized certifications.
• Experience with administering serverless, cloud-based enterprise applications and environments.
• Experience and general understanding of object-oriented coding (Java, Python, .Net, etc.).
• Excellent understanding of emerging cybersecurity threats.
• Understanding of core Internet protocols and routing (e.g., DNS, TCP/IP, UDP, IPSEC, routing protocols, etc).
• Operational understanding of cryptography fundamentals (e.g., SSL/TLS, password security, filesystem encryption, etc.).
• Good understanding of security information and event management tools.
• Candidate have experience with the following Software and Services:
• Cloudflare
• Azure Sentinel
• Tenable Nessus 
• Rapid7 AppSec, Insight Vulnerability Management
• BurpSuite
• Ostorlab
• Microsoft Defender
• RecordedFuture
• KnowBe4
• Microsoft Purview
• Microsoft Threat Model
• Jira
• Confluence
• SolarWinds Orion
• PowerShell
• GitHub
• GitHub Advanced Security
• SolarWinds ServiceDesk
• SQL Server Studio
• Postman
  

Job Tags

Similar Jobs