650 5th Ave, Floor 12 New York, NY 10019 | Direct Hire
Title: Security Analyst
Status: Full Time
- Our client is seeking a passionate Security Analyst. In this role, your primary focus will be ensuring, enforcing, and maintaining our high standards of security, specifically with regards to member data.
- This role is hands on and technical while requiring a heads-up nature to identify gaps and drive the creative application of state-of-the-art security practices and controls. The ideal candidate will be able to leverage automation and data analysis to embed continuous security practices into our development and operational workflows. The application security program must be designed to ensure that any software developed or acquired meets these stringent standards while enabling rapid innovation to meet the ever-changing needs.
- Successful candidates will be security evangelists who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders.
Day to day:
- Conduct security architecture reviews on existing and new technologies and offer plans for remediation/design
- Function as Subject Matter Expert for understanding of architecture, application design, systems engineering, and integration required
- Integrate and develop security tools, standards, and processes into the SDLC and Product Life Cycle
- Improve, develop, and support application security tools for the required security review, testing, and deployments including static analysis and runtime testing tools
- Build and integrate automated security tests into our continuous integration and deployment pipelines
- Conduct manual and automated application security testing and source code auditing for a variety of technologies, including software and hardware
- Manage and conduct penetration tests, red team assessments, and related simulated “ hostile actor” scenarios
- Establish threat modeling practices and ensure integration into the product life cycle
- Share security research on latest best practices, threats, trends, and vulnerabilities, and document and disseminate security guidelines for common security issues and baselines
- Collaborate with software development teams to embed a security mindset into our products and practices (e.g. code reviews, reference implementations, security tooling and practices)
- Guide project teams with encryption standards for Web services, APIs, SSO, Mobile, etc.
- Provide security best practices for data systems in cloud based environments
- Work with developers to design optimal security practices when developing new application functionality
- Support vendor security activities to ensure third-party and open source software and development meet security standards.
- Produce metrics reporting the state of application security programs and performance of development teams against requirements
- Mitigate security risks associated with projects which have a high technical complexity and/or involve significant challenges to the business
- Communicate technical application security concepts to staff, including developers, architects, and managers
- 5-8 years of experience in software development
- Minimum of 8 years experience (in excess of degree requirements). Minimum 2 years relevant architecture experience with expert level knowledge of application systems design and integration
- Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security
- Candidates must have excellent verbal and written communication skills, preferably having contributed to technical publications
- Experience with a public cloud based provider (Amazon Web Services, Microsoft Azure, or Google Cloud
- Knowledge of containers and scheduling frameworks (e.g Kubernetes, Docker Swarm, DCOS, ECS)
- Experience integrating security practices into continuous integration tools and pipelines
- Well-rounded background in host, network, and application security including knowledge of internet security issues and threat landscape
- Demonstrable knowledge of TCP/IP, HTTP, application security, and experience supporting service-oriented, asynchronous, and distributed application architectures
- Previous experience on a Security team, coordinating responses to security incidents and/or writing and presenting application security assessment reports.
- Personal passion for security and cutting edge security concepts
- Able to articulate technical details and risks to business leaders
- Ability to listen for nuances and dig into details in order to understand systems deeply.
- Familiarity with a variety of development and testing tools, such as: Eclipse, GIT, GCC, JIRA, Subversion, Maven, ClearQuest/Case, Silk, FindBugs, HP/Fortify SCA, IBM AppScan, and HP WebInspect
- Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques
- Familiarity with industry standards and regulations including PCI, NIST 800-53, FedRAMP and ISO27001 is desired
Bachelor' s degree or higher in Computer Science preferred
If you feel like you are the right fit for the job above, please click the apply online button below and I will be sure to reach out ASAP!