Descripción del puesto
We are seeking a motivated professional to join its information security operations team as a Security Analyst focused on managing risks and vulnerabilities for a suite of modern applications, API’s and services. The Security Analyst will play a critical role in safeguarding the integrity and resilience of EVH’s suite of products and services.
Key Responsibilities:
- Working in conjunction with application, platform, and product development teams, regularly review, analyze, and manage vulnerability assessment results to identify potential security weaknesses in applications, APIs and services.
- Collaborate with cross-functional teams to prioritize and categorize vulnerabilities based on severity, potential impact, and likelihood of exploitation.
- Analyze security findings from various sources, such as security tools, penetration tests, to identify trends and patterns.
- Act as an Application Security Champion educating and assisting teams in testing, remediation and deviation processes.
- Manage and drive vulnerability tracking and timelines for remediation.
- Work closely with DevSecOps, and application development teams to ensure timely patching, configuration changes, and updates to address identified vulnerabilities.
- Stay up to date with the latest security threats, vulnerabilities, and mitigation strategies in cloud technologies, and translate this knowledge into actionable insights.
- Collaborate with third-party vendors, Experian cyber fusion team, and internal stakeholders to address vulnerabilities and verify successful remediation.
- Provide regular reports and updates to management regarding the organization's vulnerability posture, ongoing remediation efforts, and improvements made to the vulnerability management program.
- Manage and track completion of security training and awareness programs for business unit.
- Assist with tracking and remediating control gaps.
- Drive efforts to ensure consistency of controls across the business unit.
- Build relationships with key stakeholders across the organization to track and manage risk.
- Mentor teammates on processes, best practices, prioritization, and issue resolution as per Experian policies, standards, and technical service baselines.
- Flexibility to be a utility player where needed as this business evolves.
- Other duties as requested.
Requisitos
Qualifications
- Bachelor's degree in computer science, information technology, cybersecurity, or a related field or demonstrated equivalent experience.
- Have or willingness to achieve industry-recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), and Certified Cloud Security Professional (CCSP).
- Knowledge of major cloud platforms such as AWS, Azure, including experience with cloud security services and configuration management.
- Some experience using scripting languages (e.g., Python, Bash) with a focus on automating security controls.
- Familiarity with API security best practices, API design tools and documentation (e.g., Swagger, Postman) and related tools (e.g., API scanning tools).
- Experience with vulnerability scanning and assessment tools and the ability to interpret and prioritize the results.
- Understanding of security principles, best practices, and common vulnerabilities in modern application development environments.
- Understanding of basic security testing methods and technologies, including penetration testing, web application security assessments, vulnerability assessments, etc.
- Understanding of application development tools and processes.
- Skills to assess and prioritize vulnerabilities based on risk factors, business impact, and industry standards.
- Strong analytical and problem-solving skills to identify root causes of vulnerabilities and work collaboratively with teams to remediate them.
- Effective communication skills, both written and verbal, to interact with technical and non-technical stakeholders, present findings, and provide security recommendations.
- The ability to stay current with evolving cloud, big data, and container security trends, and adapt to new technologies and emerging threats.
- Agile project management skills to manage vulnerability assessments, remediation efforts, and ongoing security initiatives.
- Collaborative attitude, willingness to work in cross-functional teams, and a commitment to a culture of security within the organization.
Beneficios
Law Benefits
Courses and Certifications
100% Remote
Detalles
Nivel mínimo de educación: Universitario
Tags: