Job Description Summary
Our client is looking for a Senior Product Security Analyst, with a focus on secure product development, supply chain risk management and risk assessment solutions. In this role you will partner with Company’s engineering and project teams to deliver secure product solutions to our customers.
Essential Responsibilities
You are a highly technical security professional who enjoys challenging problems and has a very strong background in secure software development and application security.
- Identify process improvements to increase the security of our CI/CD product supply chain
- Maintain security toolsets and provide guidance on automated testing tools and techniques
- Contribute technical content for security training, potentially developing labs and demos
- Create and maintain product security profiles and relevant security related artifacts
- Assist delivery teams in assembling appropriate security artifacts to satisfy customer requirements
- Author and tailor security reports and communications for different audiences
- Design and conduct manual and automated security test procedures, ensuring auditable evidence
- Execute vulnerability scans to identify and remediate security vulnerabilities/anomalies
- Script security tests and procedures as needed
- Investigate product and third-party vulnerabilities and recommend remediation options
- Participate in vulnerability risk evaluations and incident response
- Engage in application and domain-specific threat modeling; assist teams with mitigation strategies
- Create and track meaningful security metrics around product cyber risk
- Be familiar with relevant current and upcoming cyber security standards (such as NERC CIP)
Basic Qualifications:
- Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) with minimum 4 years of experience
- Minimum 2 years of experience developing software using a secure SDLC
- Minimum 2 years of experience within security or risk management
- Proficiency with security tools such as Burp Suite, WhiteSource, Coverity, Nmap, etc.
- Must be open to a flexible work schedule to collaborate with our global team
Eligibility Requirements:
- Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job.
Desired Characteristics/Technical Expertise:
- Experience in the utility/power industry highly desired
- Regulatory/standards mindset, comfortable collaborating, independently driven, excellent communicator, meticulous attention to detail and documentation
- Active professional certification (GIAC, CompTIA, CEH, etc.)
- Experience participating in cyber security audits using frameworks such as ISO 27001
- Collaboration experience with Agile development teams
- Passion for secure coding principles as both a hands-on user and instructor
- Experience with scripting, security tools selection and integration
- Experience building manual security tests, and using tools for penetration testing and ethical hacking
- Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
- Knowledge of identity management and identity federation (SAML, OAuth, SCIM, XACML)
- Experience with integration security challenges such as securing databases and web servers
- Must be available on call for potential security response
- Must be available after normal working hours from time to time, to support non-US teams
- Knowledge and experience participating in Threat Modeling, risk analysis and evaluation techniques
- Deep knowledge of cyber security, with broad knowledge of engineering and infrastructure functions