Sr. Security Analyst

Position Summary

As a Senior Security Analyst, you will be responsible for ensuring the organization is effectively evaluating, developing, and implementing security controls and solutions. You will engage with stakeholders across the enterprise on all aspects of cloud and application security policies, implementation and monitoring of controls, and management of remediation activities. The position will work closely with Information Technology, Cloud Operations, Software and Hardware Development teams, to ensure there are consistent and streamlined processes to implement security and compliance management activities.

Responsibilities:

Application Security:

• Manage the code security assessment pipeline and set development team expectations.

• Collaborate with technology teams to review assessment reports and define remediation plans.

• Identify opportunities to enhance security testing efficiency.

• Develop new methods to prevent security vulnerabilities and track remediation efforts.

• Make decisions on using static source code analysis tools, dynamic application security tools, and manual penetration testing resources.

• Provide weekly metrics on completed assessments and identified vulnerabilities.

• Establish security testing standards.

• Conduct research and create innovative security tools.

Incident Response:

• Maintain Intrusion Detection and Intrusion Prevention Systems (IDS/IPS).

• Produce and report forensic analysis of cloud workloads (AWS, Azure).

Cloud Security:

• Research, create, and script policies as code for AWS, Azure, or GCP services using YAML, CloudFormation, Terraform, and other relevant scripting languages.

• Develop policies that automate and enforce security controls in cloud environments.

• Formulate and script policies for Infrastructure as Code (IaC) scanning, addressing misconfigurations and compliance issues.

Preferred Qualifications:

• Bachelor's degree required, preferably experience in cybersecurity, computer science, information systems, or equivalent.

• 2+ years hands-on experience with IT Application development

• 2+ years hands-on experience with IT Cloud administration

• Exceptional planning, organization, communication, presentation, multitasking, prioritization, and business analysis skills

• Extensive knowledge and understanding of IT regulatory control frameworks (ITIL, COBIT, etc.)

• Possess strong working knowledge of information security standards and frameworks (NIST, ISO, SOC, etc.)

• Experience working with outsourced organizations and third-party vendors preferred.

• Advanced written and verbal communication skills

• Strong interpersonal skills

• Strong analytical skills and the ability to understand and document complex business process dataflow.

Travel Requirements: Typically requires overnight travel less than 10% of the time.

Location: Tallassee, AL, Duluth, GA

#HP1