FLEX Supply Chain Security Analyst

This is a temporary position.   

The Supply Chain Security Analyst will assist in supporting and improving the security of containerized applications and open-source software usage through container image security and software composition analysis (SCA). The ideal candidate will have a strong foundational understanding of application security, a proactive mindset, and knowledge of containerized environments and modern development pipelines. The role is designed to provide hands-on experience in application security within a corporate environment, with a strong focus on learning and development.

 

CANDIDATE PROFILE

 

Education and Experience

 

Required:

• Associate’s degree in Cybersecurity, Computer Science or related field or equivalent experience/certification
• 2+ years of information technology experience
• Strong understanding of basic programming concepts and principals (interpretation, compilation, loops, control structures, data types)
• Basic understanding of security testing methodologies, tools, and approaches
• Basic understanding of vulnerability management and risk management
• Basic understanding of OWASP Top 10 and its implications to software security
• Strong interest in cybersecurity and a willingness to learn on the job
• Basic understanding of common software development practices and procedures (version control, testing, patching, CI/CD)
• Basic understanding of the Software Development Lifecycle (SDLC)
• Proficiency in Microsoft Word, PowerPoint, and Excel
• Excellent communication skills.

 

Preferred:

• Bachelor’s degree in Cybersecurity, Computer Science, or related field or equivalent experience/certification
• Current information security certification, including: GSEC, GSIF, CySA+, Security+, CEH, GRISC, CISA
• 2+ years of experience in a cybersecurity, DevSecOps, or software security support role
• Practical experience with container platforms (e.g., Docker, Kubernetes) and image scanning tools
• Basic understanding of CI/CD pipelines and modern development workflows (e.g., Git, Jenkins, GitLab CI)
• Experience working in a regulated environment (e.g., finance, healthcare, government)
• Experience with conducting risk assessments and developing risk mitigation strategies
• Understanding of CVSS scoring and vulnerability management workflows
• Strong foundational knowledge of QA testing practices and principles
• Strong foundational knowledge of OWASP Top 10
• Experience assisting in vendor relationship management

 

CORE WORK ACTIVITIES

 

Container Security and Supply Chain Management

• Monitor and triage findings from container image scanning tools (e.g., Trivy, Clair, Anchore, Aqua, or Prisma Cloud)
• Support the integration and maintenance of SCA tools (e.g., Snyk, Black Duck, WhiteSource, or GitHub Dependabot)
• Collaborate with development and DevOps teams to ensure secure use of open-source components
• Interpret vulnerabilities, misconfigurations, and associated remediations
• Assist in the creation and enforcement of security policies related to containerization and open-source use
• Support the triage and resolution of security scanning related issues in CI/CD pipelines
• Assist the Senior Manager in vendor relationship management
• Assist in monitoring compliance with security standards and regulatory requirements related to container and web application security
• Assist in tracking and documenting risk mitigation efforts, ensuring timely resolution of identified issues
• Learn and assist in the use of security scanning tools for basic operations
• Work closely with development and DevOps teams to integrate risk management practices into the software development lifecycle
• Gain exposure to security frameworks and standards, under the mentorship of the Senior Manager
• Contribute to the development and maintenance of compliance documentation, including policies, procedures, and control frameworks
• Aid in the use of project management tools like JIRA to track tasks and projects

 

Additional Responsibilities 

• Informs, updates, and provides information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person in a timely manner.
• Attends and participates in all relevant meetings.
• Presents ideas, expectations and information in a concise, organized manner.
• Uses problem solving methodology for decision making and follow up.
• Maintains positive working relations with internal customers and department managers.
• Manages time effectively and conducts activities in an organized manner.
• Performs other reasonable duties as assigned by manager.

 

The pay range for this position is $33.94 to $53.46 per hour.                                                                                                                                                                      

FLEX opportunities offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts.  Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected.  Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD.

 

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.