Security Analyst

About the role.

The ideal candidate will possess exceptional technical and interpersonal skills, be highly organized and motivated, and enjoy being part of a dynamic team. This role bridges the gap between security, development, and operations, ensuring security best practices are integrated throughout the software development lifecycle. The ideal candidate will have experience with security automation, CI/CD pipelines, cloud security, and vulnerability management. Every day will present you with new and interesting challenges that will test your technical abilities as well as your problem-solving skills.

What you'll do.

• Embed security best practices into DevOps processes, ensuring secure coding, automated security testing, and secure deployment method

• Monitor and assist with maintaining the SAST/DAST and RASP DevOp security pipeline environments

• Develop automation scripts and tools to enhance security processes, including infrastructure as code (IaC) security checks.

• Deploy, configure, and maintain endpoint security tools (e.g., EDR, AV, DLP, XDR)

• Monitor security logs and alerts, investigate potential security incidents, and respond to threats within the DevSecOps environment.

• Performs security risk assessments, audits, and tests to uncover network, cloud or web application vulnerabilities.

• Creating, documenting, and reporting security assessments and recommendations

• Partner with development and operations teams to improve security awareness and provide guidance on secure development practices.

• Evaluate 3rd party vendor integrations and recommend secure solutions and automation requirements

• Develop company-wide best practices for endpoint and end-user security.

• Understand the Network, Operational, Infrastructure, and Application security for solving tickets while on the security queue.

• Stay up-to-date on information technology trends and security standards.

• Develop and enforce security policies and procedures to ensure compliance with industry standards and regulations.

• Stay up-to-date with the latest trends and developments in data and application security

What we're looking for.

• Bachelors degree in Computer Science, Information Systems or related field

• 3+ years of experience in Information Security, Systems Administration, or Software Development,

• Strong understanding of security principles in cloud environments (AWS and Azure)

• Understanding of firewalls, SIEM, NIST, and OWASP frameworks, and Application lifecycles.

• Ability to identify and mitigate network, cloud and web application vulnerabilities and explain how to avoid them.

• Working knowledge of computer programming and scripting languages. Java, Node.JS, SQL, python or powershell is preferred

• Security plus, Microsoft,AWS Certification, CYSA+ or ISC (2) Certification is preferred

• Can work on occasional weekends and evening shifts.

Desired Characteristics:

• Intellectual curiosity to learn gaps through an inquisitive mind

• Highly collaborative, personally and professionally self-aware, able to and interested in interacting with employees at all levels of the organization

• Flexible, organized, and passionate about advancing applications, databases, and general cyber security

• Great interpersonal skills and love for a team environment

• Willing to adapt security strategies based on evolving attack trends.

• Continuously monitors and identifies security gaps in endpoint protection.

• Ability to analyze endpoint security logs and identify potential threats.

• Strong troubleshooting skills for resolving patching and security issues.

The base salary for this role can range from $65k-$80k, based on a full-time work schedule. An individual’s ultimate compensation will vary depending on job-related skills and experience, geographic location, alignment with market data, and equity among other team members with comparable experience.