This position is for you if you can demonstrate a passion for information security and have a desire to develop your career to become a member of an elite team of security professionals.
In your role as a Security Analyst, you ll be inspired by a team of the brightest business and technical minds in cyber security. Our team comprised of Security Engineers and Analysts are performing threat analysis and responsible applying the latest trends to design solutions to address vulnerabilities. We are interested in speaking with candidates that have experience in Application Security Vulnerability Management (SAST DAST). In this role, you also get to use tools such as Splunk, IDS, IPS. As part of our team, your voice matters, and you
will do important work that has impact, on people and businesses. Youll be responsible for maintaining the integrity and security of enterprise-wide cyber systems and networks for the Infor.
This role will provide technical expertise and work directly with endpoint and infrastructure support teams, as well as drive the vulnerability management program for remediations across the enterprise. You will work with directly with team members as subject matter expert as well as lead for resolution of vulnerabilities, configuration and troubleshooting, and assessment. Your role will support the team across the entire life cycle of vulnerability and configuration management including knowledge and expertise in our tools, asset management, scanning, mitigating controls to assess threat, review of remediation timelines for application related vulnerabilities, projects and reporting. You will be required to track and work with team members across the Infor enterprise for patching and remediation as subject matter expert and liaison.
You will need to have a strong knowledge and experience with Application Security vulnerability management and processes, Windows Linux operating systems, configuration management and vulnerability scanning are required. Knowledge of cloud and infrastructure support systems and network devices such as FW, WAFs, IDS/IPS, etc. is also required. Along with your technical knowledge, attention to details and follow-up are core requirements to this role.
Our industry and our company move fast, and you can be sure that you will always have room to learn and grow.
Key Responsibilities
Min 5 no more than 10
Interact with a global team of Cyber Security Analysts, Engineers, and Specialists.
Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
Own and perform application security vulnerability management.
Facilitate and support the preparation of security releases.
Support and consult with product and development teams in the area of application security.
Assist in development of automated security testing to validate that secure coding best practices are being used.
Configure, deploy, and maintains Web Application Firewall solutions
Monitors systems activities and fine tunes system parameters and configuration to optimize
performance and ensure security of systems.
Creates WAF rules/signatures to mitigate threats and implements best practices
Develop, maintain, test, and troubleshoot cloud web application firewalls and rulesets. The ideal
Candidate should have hands on experience with cloud web application firewalls at all of the
major cloud services providers
Work with Infor s business units to effectively communicate the risks of identified vulnerabilities and make recommendations regarding the selection of cost-effective security controls to mitigate identified risks.
Ownership to create and to drive adoption of security operations procedures for detection and response to vulnerabilities.
Ability to perform actions to try to determine cause and possible mitigation measure for security vulnerabilities with minimal supervision.
Ability to uncover and document tools, technics, procedures relevant to the scheduling and assessment of vulnerability scans (and results), as well as the detection and remediation of vulnerabilities.
Key Requirements/Experience
Ideally 5-7 bullet points plus language requirement / education
Excellent written and oral communications skills and be able to appropriately present highly technical material to both technical and non-technical audiences
Bachelor s degree in Engineering, Computer Science, Information Security, or Information Systems with relevant security engineering certifications
Experience as a security analyst, Minimum of three years experience in Application security testing and Vulnerability Management (approx. 3-4 years)
Proven experience with Security Testing and Vulnerability Management products (SAST DAST) e.g. Burp suit, White Hat Sentinel, Veracode
Familiarity with common security libraries, security controls, and common security flaws.
Basic development or scripting experience and skills.
Experience with OWASP, static/dynamic analysis, and common security tools.
A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).
Experience working with developers.
Experience identifying security issues through code review
Must be familiar with CVEs, CVSS, and Mitre as well as other industry specific vulnerability classification standards, frameworks, and best practices
Desirable: ITIL, CEH, ECSA, AWS Certifications
