We are seeking a motivated professional to join its information security operations team as a Security Analyst focused on managing risks and vulnerabilities for a suite of modern applications, API's and services. The Security Analyst will play a critical role in safeguarding the integrity and resilience of EVH's suite of products and services.
?
Key Responsibilities:?
• Working in conjunction with application, platform, and product development teams, regularly review, analyze, and manage vulnerability assessment results to identify potential security weaknesses in applications, APIs and services.
• Collaborate with cross-functional teams to prioritize and categorize vulnerabilities based on severity, potential impact, and likelihood of exploitation.
• Analyze security findings from various sources, such as security tools, penetration tests, to identify trends and patterns.
• Act as an Application Security Champion educating and assisting teams in testing, remediation and deviation processes.
• Manage and drive vulnerability tracking and timelines for remediation.
• Work closely with DevSecOps, and application development teams to ensure timely patching, configuration changes, and updates to address identified vulnerabilities.
• Stay up to date with the latest security threats, vulnerabilities, and mitigation strategies in cloud technologies, and translate this knowledge into actionable insights.
• Collaborate with third-party vendors, Experian cyber fusion team, and internal stakeholders to address vulnerabilities and verify successful remediation.
• Provide regular reports and updates to management regarding the organization's vulnerability posture, ongoing remediation efforts, and improvements made to the vulnerability management program.
• Manage and track completion of security training and awareness programs for business unit.
• Assist with tracking and remediating control gaps.
• Drive efforts to ensure consistency of controls across the business unit.
• Build relationships with key stakeholders across the organization to track and manage risk.?
• Mentor teammates on processes, best practices, prioritization, and issue resolution as per Experian policies, standards, and technical service baselines.
• Flexibility to be a utility player where needed as this business evolves.
• Other duties as requested.
Qualifications
• Bachelor's degree in computer science, information technology, cybersecurity, or a related field or demonstrated equivalent experience.
• Have or willingness to achieve industry-recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), and Certified Cloud Security Professional (CCSP).
• Knowledge of major cloud platforms such as AWS, Azure, including experience with cloud security services and configuration management.
• Some experience using scripting languages (e.g., Python, Bash) with a focus on automating security controls.
• Familiarity with API security best practices, API design tools and documentation (e.g., Swagger, Postman) and related tools (e.g., API scanning tools).
• Experience with vulnerability scanning and assessment tools and the ability to interpret and prioritize the results.
• Understanding of security principles, best practices, and common vulnerabilities in modern application development environments.
• Understanding of basic security testing methods and technologies, including penetration testing, web application security assessments, vulnerability assessments, etc.
• Understanding of application development tools and processes.
• Skills to assess and prioritize vulnerabilities based on risk factors, business impact, and industry standards.
• Strong analytical and problem-solving skills to identify root causes of vulnerabilities and work collaboratively with teams to remediate them.
• Effective communication skills, both written and verbal, to interact with technical and non-technical stakeholders, present findings, and provide security recommendations.
• The ability to stay current with evolving cloud, big data, and container security trends, and adapt to new technologies and emerging threats.
• Agile project management skills to manage vulnerability assessments, remediation efforts, and ongoing security initiatives.
• Collaborative attitude, willingness to work in cross-functional teams, and a commitment to a culture of security within the organization
Benefits
Law Benefits
Courses and Certifications
100% Remote
