Talent.com
Security Analyst

Security Analyst

Emonics LLCCalifornia, United States
30+ days ago
Job description

Role : Security Analyst

Tech Level :  III

Location :

Rancho Cucamonga ☐CRC San Bernardino ☐CRC Riverside ☐ CRC Victorville

Telecommute

Position Summary

Under the direction of the Manager, Information Security Operations, the Engineer III –Security Analyst will use subject matter expertise to give guidance, best practices, and support to business and technology stakeholders during the deployment of critical business and technology initiatives. The role will have a deep understanding of global threat actors and their tactics, techniques, and procedures employed during cyber attacks

The Security Analyst will be subject matter expect in perform penetration testing, source code review for the development organizations and collaborate with teams to ensure proper remediation. The role will be responsible for application security testing on various types of applications such as Web, API's, Thick Client's, Mobile, etc., inclusive of the supporting infrastructure components.

Part D : POSITION MAJOR FUNCTIONS

Duties and Responsibilities

This section is an outline of functions performed on a regular basis, how the position functions within company, and who the tasks are exchanged with.

  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
  • Perform application security testing on various types of applications such as Web, API's, Thick Client's, Mobile, etc., inclusive of the supporting infrastructure components.
  • Leverage application artifacts such as business requirements, user stories, design documents, architecture documents to understand the testing scope and create targeted security user stories or misuse cases.
  • Manage and execute security assessments for multiple projects simultaneously and ensure project timelines are met.
  • Identify opportunities for process improvements and automation.
  • Analyze source code to mitigate identified weaknesses and vulnerabilities within the system.
  • Manage firewalls, network and host intrusion prevention / detection systems, virtual private networks, threat intelligence platforms, endpoint protection, security training platforms, email security, forensic tools, public / private / hybrid cloud infrastructure, identity and access management systems, and physical security systems.
  • Collects and aggregates information from a wide variety of sources and formats for relevance to our environment; monitors and provides metrics on threat level of vulnerabilities.
  • Contributes and participates in team activities and planning in regard to improving team skills, awareness, communication, reputation, and quality of work.
  • Monitor security operations center tools and dashboards.
  • Perform threat hunting activities using security operations center tools.
  • Assist with risk analysis activities.
  • Assist with designing and implementing controls to mitigate risk.
  • Collaborates and communicates with Compliance, Internal Audit, the Business teams, and others to identify, analyze, and communicate risk; and provides support around vulnerability management within their business requirements.
  • Identifies, develops, and implements mechanisms to detect vulnerabilities and how they may lead to corporate incidents in order to enhance compliance with and support of security standards and procedures.
  • Responds to tickets and incidents in a proactive manner.
  • Coordinates with the Incident Response team to remediate security incidents as needed.
  • Understands compliance requirements that may impact security and effectively collaborates with business areas and project teams to develop security solutions that address these requirements.
  • Assumes a leadership role in advocating internally and externally for compliance to security measures to protect corporate applications and environments.
  • Works with information systems owners and administrators to understand their security needs and assists with implementing practices and procedures consistent with security policies.
  • Builds and maintains supplier partnerships to further the company mission and goals.
  • Maintains current knowledge of industry trends and standards.
  • Creates and maintains environmental documentation, tasks, change records, etc.
  • Perform other duties as assigned

Part E : MINIMUM REQUIRED QUALIFICATIONS TO PERFORM POSITION

Experience Requirements

  • 8+ years of experience as Cybersecurity Analyst with focus on Application Security
  • Bachelor’s degree in Information Systems Security or related degree.
  • In-depth knowledge of security monitoring and incident response.
  • In-depth knowledge of risk analysis and risk mitigation strategies.
  • Full understanding of networking technologies and networking protocols with an emphasis on TCP / IP.
  • Understanding of Defense in Depth strategies.
  • Understanding of Security Operations Tools such as SIEM, EPM, DLP, Vulnerability Management, Firewalls, WAFs, Antivirus Solutions, Email Protection Solutions, Incident Response and Threat Management.
  • In-depth knowledge of computer operating systems such as Windows, MacOS and Linux.
  • Understanding of database administration and application development life cycle regarding cybersecurity.

    • Educational Background

    Bachelor Degree with a major in computer related field or similar technical field from an accredited institution required Significant experience may be considered in lieu of degree, with a Minimum of 10 years of experience in CyberSecurity with focus on Application security

    Professional Certification

    Security related certifications such as Microsoft MTA, ISACA CSX, CompTIA Security+, GIAC GISF or ISC 2 SSCP or higher-level certifications.

    Knowledge

  • Scripting experience such as PowerShell, JavaScript, or Python.
  • Computer forensics knowledge and experience.
  • Understanding of security standards such as NIST 800-53, GDPR, and others.
  • Experience working with Identity and Access Control Management Tools .

    • Skills

    Strong planning, organization, critical thinking, decision-making and communication (verbal and written) skills.

    Abilities

    Projects involving lift server appliance weights up to 50 lbs. and heavy eye strain with computer monitors.

    Commitment to Team Culture