Were looking for a Senior Cyber System Analyst to join our Application Security Team within Information Security Operations. You will play a hands-on role in our Vulnerability Management program, by administering security scanning tools and supporting development teams in identifying and remediating security findings.

DAST/SAST Tool Administration

Analyst will assist in configuring, maintaining, and troubleshooting security scanning tools. Analyst will also support phased integration of DAST tool into deployment pipelines and help maintain scanning schedules and tool documentation

Vulnerability Triage and Remediation tracking:

Analyst will review and validate security findings from tools and collaborating with stakeholders to achieve remediation. Analyst will assist in preparing vulnerability metrics and status reports on progress.

Required Education/Experience

• Master's Degree and 2 years of cybersecurity, application development, or other related IT experience or
• Bachelor's Degree and 3 years of cybersecurity, application development, or other related IT experience or
• High School Diploma/GED and 6 years of cybersecurity, application development, or other related IT experience.

Preferred Education/Experience

• Bachelor's Degree Computer Science, Cybersecurity, or similar field and 3 years of experience.

Relevant Work Experience

• Previous IT or cybersecurity experience, required.
• Knowledge of cybersecurity tools, required.
• Understanding of industry standard policies, processes, and procedures covering incident, problem, and change management, required.
• Understanding of OWASP Top 10, required.
• Proficiency in reading and understanding code across common web languages and frameworks (JS,C#, Angular, .NET), preferred.
• Familiarity with secure coding practices and proficiency in triaging vulnerabilities to understand impact, preferred.
• Previous experience in application scanning and vulnerability management, including configuring and using DAST and SAST scanning technologies and performing vulnerability risk assessments/prioritization, preferred.
• Familiarity with Microsoft Azure and/or other cloud service providers within context of development/publishing of applications, preferred.
• Familiarity with API security testing and common API vulnerabilities, preferred.

Skills and Abilities

• Strong verbal communication and listening skills
• Effective interpersonal skills
• Possesses flexibility to work in a fast paced, dynamic environment
• Well organized, detail oriented and flexible to handle multiple assignments
• Ability to simultaneously handle multiple priorities
• Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

Licenses and Certifications

• Driver's License Required
• Other: Technical certifications (e.g. CISSP, CISM, etc.) Preferred

Physical Demands

• Sit or stand to answer a phone for the duration of the workday
• Sit or stand to use a keyboard, mouse, and computer for the duration of the workday
• Stand to use/operate office equipment for the duration of the workday

Additional Physical Demands

• The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.
• The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.

Core Responsibilities

• Lead vulnerability management response efforts and events for applications
• Continuously build and implement improvements to application security workflows and processes, including vulnerability scanning, assessment, prioritization, and tracking/remediation
• Develop new and update existing application vulnerability management policies, procedures, runbooks, and other documentation
• Configure and run application testing of applications using industry-standard tools
• Coordinate with application teams on scanning and application security practices, providing governance, oversight, and technical expertise
• Remain up to date on cybersecurity news and emerging vulnerabilities
• Assess and prioritize vulnerabilities for impact and cyber risk
• Communicate vulnerability statuses and associated risk to stakeholders and leadership
• Coordinate with stakeholders to remediate vulnerabilities timely, providing technical expertise and support as needed
• Ensure proper escalation and communication of critical vulnerabilities or other issues to leadership in a timely fashion
• Keep abreast of current developments in application security and vulnerability management and propose recommendations to mitigate risk
• Perform validation that vulnerabilities have been remediated/mitigated, working with other teams as required
• Collect, analyze, create dashboards, and report on vulnerability metrics
• Continuously learn, improve, and hone your skills to deliver advanced assessments
• Present to executive-level stakeholders
• Conduct presentations and education efforts on application security/vulnerability management and best practices
• Serve as a technical SME for more junior members of the vulnerability management team