Security Analyst

What You’ll Do

• Integrate security best practices throughout the DevOps lifecycle, including secure coding, automated security testing, and secure deployment methods.
• Manage and monitor SAST, DAST, and RASP tools within the DevSecOps pipeline.
• Design and develop automation scripts and tools to streamline and enhance security processes, with a focus on Infrastructure as Code (IaC) security checks.
• Deploy, configure, and maintain endpoint security solutions (e.g., EDR, AV, DLP, XDR).
• Monitor security logs and alerts, investigate incidents, and respond to threats within the DevSecOps environment.
• Conduct security risk assessments, audits, and tests to identify vulnerabilities across networks, cloud infrastructure, and web applications.
• Prepare comprehensive security assessments, documentation, and actionable recommendations.
• Collaborate with development and operations teams to improve security awareness and provide guidance on secure coding and deployment practices.
• Evaluate third-party vendor integrations, recommending secure solutions and identifying automation opportunities.
• Establish and implement company-wide best practices for endpoint and end-user security.
• Support incident resolution by applying knowledge of network, infrastructure, application, and operational security in response to security tickets.
• Remain current with emerging IT trends, cybersecurity threats, and industry security standards.
• Develop, enforce, and maintain security policies and procedures to ensure compliance with industry regulations.
• Continuously improve security posture by staying informed of the latest data and application security developments.

What We’re Looking For

• Bachelor’s degree in Computer Science, Information Systems, or a related field.
• Minimum of 3 years of experience in Information Security, Systems Administration, or Software Development.
• Strong knowledge of security principles related to cloud platforms, specifically AWS and Azure.
• Familiarity with firewalls, SIEM tools, the NIST cybersecurity framework, OWASP guidelines, and the application development lifecycle.
• Proven ability to identify and remediate network, cloud, and web application vulnerabilities and communicate preventive measures.
• Proficiency in at least one programming or scripting language such as Java, Node.js, SQL, Python, or PowerShell.
• Security certifications (e.g., Security+, Microsoft, AWS, CySA+, or ISC2) are preferred.
• Willingness to work occasional evenings and weekends as needed.

Preferred Attributes

• A naturally inquisitive mindset with a drive for continuous learning and improvement.
• A collaborative team player who is self-aware and comfortable working across all levels of the organization.
• Strong organizational skills and a passion for advancing cybersecurity practices across applications, databases, and systems.
• Excellent interpersonal skills and a team-oriented attitude.
• Ability to adapt security strategies in response to evolving threat landscapes.
• Proactive in identifying and closing security gaps in endpoint protection.
• Analytical skills to interpret security logs and detect potential threats.
• Strong troubleshooting abilities to resolve patching and endpoint security issues.