FLEX Supply Chain Security Analyst
FLEX Supply Chain Security Analyst
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
The Supply Chain Security Analyst will assist in supporting and improving the security of containerized applications and open-source software usage through container image security and software composition analysis (SCA). The ideal candidate will have a strong foundational understanding of application security a proactive mindset and knowledge of containerized environments and modern development pipelines. The role is designed to provide hands-on experience in application security within a corporate environment with a strong focus on learning and development.
CANDIDATE PROFILE
Education and Experience
Required:
- Associates degree in Cybersecurity Computer Science or related field or equivalent experience/certification
- 2 years of information technology experience
- Strong understanding of basic programming concepts and principals (interpretation compilation loops control structures data types)
- Basic understanding of security testing methodologies tools and approaches
- Basic understanding of vulnerability management and risk management
- Basic understanding of OWASP Top 10 and its implications to software security
- Strong interest in cybersecurity and a willingness to learn on the job
- Basic understanding of common software development practices and procedures (version control testing patching CI/CD)
- Basic understanding of the Software Development Lifecycle (SDLC)
- Proficiency in Microsoft Word PowerPoint and Excel
- Excellent communication skills.
Preferred:
- Bachelors degree in Cybersecurity Computer Science or related field or equivalent experience/certification
- Current information security certification including: GSEC GSIF CySA Security CEH GRISC CISA
- 2 years of experience in a cybersecurity DevSecOps or software security support role
- Practical experience with container platforms (e.g. Docker Kubernetes) and image scanning tools
- Basic understanding of CI/CD pipelines and modern development workflows (e.g. Git Jenkins GitLab CI)
- Experience working in a regulated environment (e.g. finance healthcare government)
- Experience with conducting risk assessments and developing risk mitigation strategies
- Understanding of CVSS scoring and vulnerability management workflows
- Strong foundational knowledge of QA testing practices and principles
- Strong foundational knowledge of OWASP Top 10
- Experience assisting in vendor relationship management
CORE WORK ACTIVITIES
Container Security and Supply Chain Management
- Monitor and triage findings from container image scanning tools (e.g. Trivy Clair Anchore Aqua or Prisma Cloud)
- Support the integration and maintenance of SCA tools (e.g. Snyk Black Duck WhiteSource or GitHub Dependabot)
- Collaborate with development and DevOps teams to ensure secure use of open-source components
- Interpret vulnerabilities misconfigurations and associated remediations
- Assist in the creation and enforcement of security policies related to containerization and open-source use
- Support the triage and resolution of security scanning related issues in CI/CD pipelines
- Assist the Senior Manager in vendor relationship management
- Assist in monitoring compliance with security standards and regulatory requirements related to container and web application security
- Assist in tracking and documenting risk mitigation efforts ensuring timely resolution of identified issues
- Learn and assist in the use of security scanning tools for basic operations
- Work closely with development and DevOps teams to integrate risk management practices into the software development lifecycle
- Gain exposure to security frameworks and standards under the mentorship of the Senior Manager
- Contribute to the development and maintenance of compliance documentation including policies procedures and control frameworks
- Aid in the use of project management tools like JIRA to track tasks and projects
Additional Responsibilities
- Informs updates and provides information to supervisors co-workers and subordinates by telephone in written form e-mail or in person in a timely manner.
- Attends and participates in all relevant meetings.
- Presents ideas expectations and information in a concise organized manner.
- Uses problem solving methodology for decision making and follow up.
- Maintains positive working relations with internal customers and department managers.
- Manages time effectively and conducts activities in an organized manner.
- Performs other reasonable duties as assigned by manager.
The pay range for this position is $33.94 to $53.46 per hour.
FLEX opportunities offer coverage for medical dental vision health care flexible spending account dependent care flexible spending account life insurance disability insurance accident insurance adoption expense reimbursements paid parental leave 401(k) plan stock purchase plan discounts at Marriott properties commuter benefits employee assistance plan and childcare discounts. Benefits are subject to terms and conditions which may include rules regarding eligibility enrollment waiting period contribution benefit limits election changes benefit exclusions and others.
Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid for candidates within a commuting distance to Bethesda MD.
Marriott International is an equal opportunity believe in hiring a diverse workforce and sustaining an inclusive people-first are committed to non-discrimination onanyprotectedbasis such as disability and veteran status or any other basis covered under applicable law.
Required Experience:
IC
Employment Type
Full-Time
