Job responsibilities

• Conduct Static Application Security Testing (SAST) and Dynamic Application Security

Testing (DAST).

• Perform security testing on various types of applications, including web, APIs, thick

clients, and mobile applications, as well as their supporting infrastructure.

• Utilize application artifacts such as business requirements, user stories, design

documents, and architecture documents to understand the testing scope and create

targeted security user stories or misuse cases.

• Analyze source code to mitigate identified weaknesses and vulnerabilities within the

system.

• Manage firewalls, network and host intrusion prevention/detection systems, virtual

private networks, threat intelligence platforms, endpoint protection, security training

platforms, email security, forensic tools, public/private/hybrid cloud infrastructure,

identity and access management systems, and physical security systems.

• Monitor security operations center tools and dashboards.

• Perform threat hunting activities using security operations center tools.

• Proactively respond to tickets and incidents.

• Coordinate with the Incident Response team to remediate security incidents as needed.

• Manage and execute security assessments for multiple projects simultaneously,

ensuring project timelines are met.

• Assist with risk analysis activities and design and implement controls to mitigate risk.

• Collaborate and communicate with Compliance, Internal Audit, Business teams, and

others to identify, analyze, and communicate risks; provide support around vulnerability

management within their business requirements.

• Identify, develop, and implement mechanisms to detect vulnerabilities and how they

may lead to corporate incidents to enhance compliance with and support security

standards and procedures.

• Understand compliance requirements that may impact security and effectively

collaborate with business areas and project teams to develop security solutions that

address these requirements.

• Assume a leadership role in advocating internally and externally for compliance with

security measures to protect corporate applications and environments.

• Work with information systems owners and administrators to understand their security

needs and assist with implementing practices and procedures consistent with security

policies.

• Identify opportunities for process improvements and automation.

• Collect and aggregate information from various sources and formats for relevance to

our environment; monitor and provide metrics on the threat level of vulnerabilities.

• Contribute to team activities and planning to improve team skills, awareness,

communication, reputation, and quality of work.

• Build and maintain supplier partnerships to further the company mission and goals.

• Maintain current knowledge of industry trends and standards.

• Create and maintain environmental documentation, tasks, change records, etc.

Essential Skills

• In-depth knowledge of security monitoring and incident response.

• In-depth knowledge of risk analysis and risk mitigation strategies.

• Full understanding of networking technologies and networking protocols with an

emphasis on TCP/IP.

• Scripting experience such as PowerShell, JavaScript, or Python.

• Computer forensics knowledge and experience.

• Understanding of security standards such as NIST 800-53, GDPR, and others.

• Experience working with Identity and Access Control Management Tools.

• Understanding of Defense in Depth strategies.

• Understanding of Security Operations Tools such as SIEM, EPM, DLP, Vulnerability

Management, Firewalls, WAFs, Antivirus Solutions, Email Protection Solutions, Incident

Response and Threat Management.

• In-depth knowledge of computer operating systems such as Windows, MacOS and

Linux.

• Understanding of database administration and application development life cycle

regarding cybersecurity.

Education, Experience, & Certification

• 8 years of experience as Cybersecurity Analyst with focus on Application Security

• Bachelor's degree in Information Systems Security or related degree.

• Technical relevant certifications such as Microsoft MTA, ISACA CSX, CompTIA Security ,

GIAC GISF or ISC 2 SSCP or higher-level certifications.