Cyber Security Analyst

Inetum

Job Location:

Porto - Portugal

Monthly Salary: Not Disclosed
Posted on: 5 hours ago
Vacancies: 1 Vacancy

Job Summary

This candidate will be responsible for regularly reviewing and analyzing the security compliance of applications in production to ensure ongoing adherence to security policies and standards. The ideal candidate will have a strong understanding of security testing solutions (DAST) and the related results and reports (how to understand and act on them).

The candidate will also be responsible for addressing vulnerabilities by driving and monitoring the remediation process for identified security vulnerabilities and non-compliance within applications to ensure timely resolution, and by creating/updating the security procedures and guidelines to improve and standardize security practices. The candidate will collaborate with internal teams to promote good practices in application security and ensure the security and integrity of our applications.

Main Tasks:

  • Vulnerability Identification
    • Supervising the execution of regular scans (using tools like Qualys, Bitsight...) to detect vulnerabilities in software, hardware and configurations.
    • Monitoring threat intelligence feeds and security advisories (e.g. CVE databases) for emerging vulnerabilities.
  • Risk Assessment & Prioritization
    • Evaluating vulnerabilities based on severity (e.g. scores), exploitability and potential impact.
    • Ensuring that prioritization is followed and understanding the impacts when it is not.
  • Remediation Coordination:
    • Collaborating with IT, development and security teams (Pentest, Application Security, Regional teams) to follow up on ticket stock to patch or mitigate vulnerabilities.
    • Ensuring timely application of security updates and workarounds.
    • Follow-up and tracking of findings/reporting tools:
      • Ensure accurate and up-to-date data on relevant ticketing and reporting tools (e.g. Jira):
        • Actively follow up and review findings through relevant tools in a timely manner and engage stakeholders in the remediation process. This includes triggering necessary escalations when needed to keep the stakeholders and management aware.
        • The Application Security analyst must be mindful of the remediation timescales defined by AppSec and relevant policies/procedures, and is therefore expected to act/react in a timely fashion to ensure remediation KPI/KRI/SLA are met.
        • Take part in periodic/on-demand conversations and emergency situations where necessary to act swiftly, sharing expertise and supporting the vulnerability and non-compliance management process.
  • Reporting & Compliance
    • Generating reports and KPIs for stakeholders (e.g. executives, auditors) on vulnerability status and progress of remediation.
    • Ensuring compliance with standards (e.g. ISO 27001, NIST).
  • Continuous Improvement
    • Refining vulnerability management processes based on lessons learned and evolving threats.
    • Raising awareness among IT teams of secure coding practices and vulnerabilities.
    • Work on automation scripts to support BAU activity using PowerShell, Python

Qualifications :

 

  • Vulnerability Management Tools (e.g.: NexusIQ, Fortify, SonarQube)
  • OWASP
  • Application Security Testing tool (e.g. Qualys, AppSpider, Bitsight)
  • Technology stack (web-app, infra, API, thick client, client-server)
  • Ticketing Systems (JIRA, ServiceNow)

                                                                                                                                    

Complementary information:

  • Field of Expertise: Proven experience in application security. At least 5 years of experience, 3 years of which should be in Vulnerability Management.
  • Certifications: Examples: CC, CISSP, CEH, Security
  • Tools & Methodologies:
    • DevSecOps
    • Application Security Testing tool (e.g. Qualys, AppSpider, Bitsight)
    • Vulnerability Management Tools (e.g.: NexusIQ, Fortify, SonarQube)
    • OWASP
    • SSDLC (Secure Software Development Life Cycle)
    • Power BI knowledge
    • Ticketing Systems (JIRA, ServiceNow)
  • Academic Background: Master's degree in computer science, cybersecurity or related fields.
  • Experience: At least 5 years of practical experience in Vulnerability Management (CVE, CTI) and in at least 2 of the following areas:
    • Vuln & pen test report reader
    • Software development review and testing
    • Penetration testing
    • Risk assessment
    • Application/Security Architecture

Additional Information :

 

 


Remote Work :

No


Employment Type :

Full-time

About Company

Inetum is a European leader in digital services. Inetum’s team of 28,000 consultants and specialists strive every day to make a digital impact for businesses, public sector entities and society. Inetum’s solutions aim at contributing to its clients’ performance and innovation as well ...
