Senior Cyber Security Analyst

Roles and responsibilities:

• Considered subject matter expert within discipline
• Solves complex problems; takes a broad perspective to identify innovative solutions
• Can either work independently on in teams
• Requests guidance in complex situations or when needed
• Interprets challenges and recommends best practices to improve processes
• Capacity to lead functional teams or projects to solve complex problems and deliver solutions
• Communicates difficult concepts and negotiates with others to conclude on goal-centric points of view
• Provides resolution support to wide array of issues that are complex in scope
• Contributes to departmental business planning and solution design
• Uses expert level Cyber Security knowledge base to complete tasks
• Intrinsic understanding of software development life cycles
• Excellent oral and written communication skills
• Understanding of security by design principles, architecture concepts & security frameworks (NIST, PCI, OWASP, etc.)
• Knowledge of current and emerging security technologies, threats, and techniques for exploiting security vulnerabilities in
• the code or application

Requirements

• 6+ years of experience working with systems deployed on AWS
• 4+ years of technical experience in Incident Management for AWS Cloud solutions
• 1+ years of experience with AWS Incident Detection and Response
• Demonstrated experience using Splunk for Incident Management and processes supported by Okta CIAM, PhishER, PagerDuty, Imperva, CrowdStrike, AWS Guard Duty, Defender for Cloud Apps, etc.
• Incident Management (2+ years minimum)
• Risk Management techniques (2+ years minimum)
• Vulnerability Management
• Web Application Firewalls such as Imperva
• As a subject matter expert or stakeholder, has previously supported information security audits in any of the following
• frameworks or regulations: PCI DSS, NIST, SOC 1 or 2, ISO 27001, Sarbanes-Oxley (SOX) or HITRUST
• Experience in analyzing threats of cloud and application components, such as findings from Security Assessments

Nice to have:

• Familiarity with Jira, GitHub, Okta, WordPress, Qualys VMDR, Jenkins, Rancher, Terraform, Snyk & Contrast
• Familiarity with some of the following concepts:
• SAST (Static Application Security Testing)
• DAST (Dynamic Application Security Testing)
• SCA (Software Composition Analysis)
• SBOM (Software Bill of Materials)
• Image Scanning
• SOAR (Security Orchestration, Automation and Response), good if experienced in
• IaC (Infrastructure as Code)
• Threat Modeling
• PenTesting (Web App, Mobile, External)
• CSA (Cloud Security Assessment)
• Familiarity with Java (including npm and Maven), Docker & Kubernetes