Information Security Analyst

GENERAL FUNCTION

The IS Application Security Analyst will support the execution, planning, and administration of the Vulnerability Management function within Information Security (IS). The Vulnerability Management Analyst executes core processes in the vulnerability management program focused on vulnerability assessments, penetration testing and social engineering. Additionally, they will support the remediation of vulnerabilities resident within systems to minimize the organizations’ potential attack surface for exploitation.

The Analyst will provide oversight, drive, facilitate and coordinate the management of vulnerabilities across the enterprise. The Analyst must understand underlying application code approaches in order to effectively review and respond to application security scans. While technical involvement is required, this role is not intended to perform direct remediation. The Analyst will support automated scans and may provide post-development testing assistance to validate that vulnerability remediation efforts are appropriately tested.

BASIC QUALIFICATIONS • Bachelor’s degree computer science, IT or equivalent • 3+ years of experience in IT or IS or Compliance • Experience with major standards such as: SOC 1-2, ISO 27001/2, PCI DSS, HITRUST, SANS, NIST • Demonstrated experience in implementing compliance frameworks for financial services organization or organizations with similar information security needs and requirements • Familiarity and understanding of broad range of IT hardware and software products • Strong project management skills • Excellent presentation, verbal communication, and written skills • Excellent analytical and problem-solving skills • Experience managing typical enterprise security and intrusion detection systems • Ability to work in a collaborative environment across business and technology teams • Ability to interpret application structures and code approaches at a high level in order to review and respond to scan results