We are looking for a junior to mid-level person to take on security analyst responsibilities. This position will work to identifies and improve application security posture including container and images. Responsibilities will include analyzing software designs and implementations from a security perspective, identify and resolve security issues, create scripts and automation for existing security tools as well as help us create a set of rules for testing.
Core Responsibilities may include but not limited:
Implementing, testing, and operating tools designed to improve our security program
Performing static and dynamic web application s scanning using industry standard tools
Perform on-going security testing and code review to improve software security
Reviewing and mitigating web application vulnerabilities through code reviews.
Provide suggestions for new software solutions to help mitigate security vulnerabilities
Create and maintain technical documentation for performing task
Develop familiarity with new tools and best practices
Establish, participate, and maintain relationships with internal teams, customers, and information technology subject matter experts
Provide appropriate research support to business and information technology groups within the organization. Advise on options, impact on other business processes and system priorities.
Maintain professional relationships with internal and external client and teams, participating in team meetings, code reviews and working closely with technical and non-technical teams.
Provide guideline and assistance in remediating vulnerabilities found in images and containers.
Perform Project securities and application security assessments.
Maintain and track data analytics for vulnerability management process for web application, images, and containers.
Desired minimum qualifications:
Bachelor's degree in Information Security, Computer Science, Software Engineering or Information Technology related field or equivalent experience.
3-5 years of Experience using static and dynamic application scanning tool
Working knowledge of OWASP/Top 10 and CWE/SANS TOP 25 Most Dangerous Software Errors Adequate knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols
Knowledge of distributed and cloud-based infrastructures/software and how they affect security needs
Strong problem solving and analytical skills; good oral and written communication skills
Strong organizational and time management skills, including the ability to prioritize responsibilities.
Strong knowledge of software development processes, methodologies, and lifecycles.
Experience working with Archer, ServiceNow Jira/Confluence, Splunk and Panaseer is a plus.
CEH, Security+, CySA+ or other security related certifications are desired
Experian is an Equal Opportunity Employer. Anyone needing accommodation to complete the interview process should notify the talent acquisition partner. The word "Experian" is a registered trademark in the EU and other countries and is owned by Experian Ltd. and/or its associated companies.
EOE including Disability/Veterans.
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and it ensures that we live what we believe.
Experian U.S. employees are required to be fully vaccinated for COVID-19.