Information Security Analyst II

Responsibilities

• Reporting into the Chief Information Officer (CIO) Team with a mindset and focus on Development Security Operations, imbedding security throughout the Systems Development Life Cycle (SDLC), providing advice on regulations as they apply to security in application development, expert in application security principles, risks, attacks, and resources such as Open Web Application Security Project (OWASP)

• Lead CIO team member responsible for tools related to dynamic scans, static source code reviews, and application penetration testing e.g. BlackDuck, WhiteHat, Veracode, Nexpose, Wiz

• Advisor on application development architectures, platforms, methodologies, and supporting operations

• Advisor on web proxies, web application firewalls, and vulnerability assessment tools

• Provide consultation services to business units, Project Management Office (PMO), and developers during the early phases to ensure secure application design.

• Perform ongoing consultative analytical tasks in partnership with Information Technology (IT) to ensure the upmost security in in-house developed applications, mobile applications, and third-party applications

• Plan, test, and deploy security controls to augment Quality Assurance (QA) and Change Management functions

• Contribute to the incident response analysis including updates to related documentation i.e. policies, standards, guidelines, procedures, and escalation processes

• Participate in developing data protection controls in general

• Perform additional duties and projects as assigned by management

Qualifications

• Bachelor's degree in Information Security or equivalent years of experience required

• Minimum three (3) years Risk Management experience required in an Information Technology environment or related discipline (Information Security, Business Continuity Management or Compliance)

• Certified Information Systems Security Professional (CISSP) certification preferred; SANS and other Information Security related certification a plus

• Network and Endpoint security experience required; IDS, IPS, ATP, Malware defenses and monitoring experience

• Demonstrated experience with firewall and system configuration and event log monitoring required

• Knowledge and experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks

• Excellent troubleshooting and analytical thinking skills

• Superb communication, interpersonal skills and collaborative skills a must

• Self-directed, self-starter, and motivated with the ability to work with minimal supervision

• Availabletoworkeveningsandweekendsasneeded