Senior Cyber Security Analyst
Roles and responsibilities:
- Considered subject matter expert within discipline
- Solves complex problems; takes a broad perspective to identify innovative solutions
- Can work either independently or in teams
- Requests guidance in complex situations or when needed
- Interprets challenges and recommends best practices to improve processes
- Capacity to lead functional teams or projects to solve complex problems and deliver solutions
- Communicates difficult concepts and negotiates with others to conclude on goal-centric points of view
- Provides resolution support to wide array of issues that are complex in scope
- Contributes to departmental business planning and solution design
- Uses expert level Cyber Security knowledge base to complete tasks
- Intrinsic understanding of software development life cycles
- Excellent oral and written communication skills
- Understanding of security by design principles, architecture concepts & security frameworks (NIST, PCI, OWASP, etc.)
- Knowledge of current and emerging security technologies, threats, and techniques for exploiting security vulnerabilities in the code or application
Requirements:
- 6+ years of experience working with systems deployed on AWS
- 4+ years of technical experience in Incident Management for AWS Cloud solutions
- 1+ years of experience with AWS Incident Detection and Response
- Demonstrated experience using Splunk for Incident Management and processes supported by Okta CIAM, PhishER, PagerDuty, Imperva, CrowdStrike, AWS GuardDuty, Defender for Cloud Apps, etc.
- Incident Management (2+ years minimum)
- Risk Management techniques (2+ years minimum)
- Vulnerability Management
- Web Application Firewalls such as Imperva
- As a subject matter expert or stakeholder, has previously supported information security audits in any of the following frameworks or regulations: PCI DSS, NIST, SOC 1 or 2, ISO 27001, Sarbanes-Oxley (SOX) or HITRUST
- Experience in analyzing threats of cloud and application components, such as findings from Security Assessments
Nice to have:
- Familiarity with Jira, GitHub, Okta, WordPress, Qualys VMDR, Jenkins, Rancher, Terraform, Snyk & Contrast
- Familiarity with some of the following concepts:
  - SAST (Static Application Security Testing)
  - DAST (Dynamic Application Security Testing)
  - SCA (Software Composition Analysis)
  - SBOM (Software Bill of Materials)
  - Image Scanning
  - SOAR (Security Orchestration, Automation and Response), good if experienced in
  - IaC (Infrastructure as Code)
  - Threat Modeling
  - PenTesting (Web App, Mobile, External)
  - CSA (Cloud Security Assessment)
- Familiarity with Java (including npm and Maven), Docker & Kubernetes