Security Analyst (Expert)

Security Analyst Resources plan, implement, upgrade, or monitor security measures for the protection of systems, networks, and information; ensures appropriate security controls are in place to safeguard digital files and vital IT infrastructure; and responds to computer security incidents and breaches.

EXPERIENCE (MANDATORY):

• Strong understanding of cloud computing technologies including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
• Proficient in designing security controls, security tools needs/assessment and technology services.
• Experience working with containerized and micro architecture platform as per the industry’s best practices.
• Excellent understanding of securing SDLC, architecture design and IT operations, and integrating application security into CI/CD pipeline.
• Experience performing application security code and roles matrix review and practical risk assessments.
• Experience working with threat modeling frameworks (e.g., STRIDE, MITRE ATT&CK, etc.).
• Experience with common vulnerability management process including scanning, analyzing, reporting, remediation planning and tracking.
• Experience working with application security testing tools such as dynamic application security testing, static application security testing, mobile application security testing, source code analysis, vulnerability management.
• Experience with common networking tools (e.g., Wireshark, tcpdump, netcat).
• Experience with security incident or breach investigation and development of strategies to respond to and recover from an incident or breach.
• Familiar with application vulnerability/security frameworks and standards such as OWASP, SANS, CVE, CWS, CVSS, etc.

QUALIFICATIONS (DESIRED):

• Experience in a Health Exchange or its partners would be a plus.
• CompTIA Security+, CISSP or other industry recognized certifications.
• Experience with administering serverless, cloud-based enterprise applications and environments.
• Experience and general understanding of object-oriented coding (Java, Python, .Net, etc.).
• Understanding of core Internet protocols and routing (e.g., DNS, HTTP, HTTPS, TCP/IP, UDP, IPSEC, routing protocols, etc.).
• Operational understanding of cryptography fundamentals (e.g., SSL/TLS, password security, filesystem encryption, etc.).
• Good understanding of security information and event management tools.
• Excellent understanding of emerging cybersecurity threats.

SOFTWARE AND SERVICES EXPEREINCE (DESIRED):

• Cloudflare
• Azure Sentinel
• Tenable Nessus
• Rapid7 AppSec, Insight Vulnerability Management
• BurpSuite
• Ostorlab
• Microsoft Defender
• RecordedFuture
• KnowBe4
• Microsoft Purview
• Microsoft Threat Model
• Jira
• Confluence
• SolarWinds Orion
• PowerShell
• GitHub
• GitHub Advanced Security
• SolarWinds ServiceDesk
• SQL Server Studio
• Postman

EDUCATION (MANDATORY)

• A Bachelor’s degree in Computer Science, Information Systems, Engineering, Cybersecurity or a related field.
• At least 10 years of Information Security experience in specialized roles such as penetration testing, application development, and application security testing.
• 7-10 years in software development or IT security related fields.
• 3-5 years of experience as a Cloud Security architect or related position.
• Formal education in Computer Science, Information Systems, Engineering, Cybersecurity or a related field can be substituted for the following years of experience:
  • Master’s Degree - 1 year

LOCATION (REMOTE)
Most work is done remotely. However, certain Work Orders may require the Resource to work on-site at 810 Jefferson Street SE, Olympia WA.

Compensation$55.29-$69.71