Sr. Security Analyst - Neptune
Duluth, GA 30026
About the Job
Position Summary
As a Senior Security Analyst, you will be responsible for ensuring the organization is effectively evaluating, developing, and implementing security controls and solutions. You will engage with stakeholders across the enterprise on all aspects of cloud and application security policies, implementation and monitoring of controls, and management of remediation activities. The position will work closely with Information Technology, Cloud Operations, Software and Hardware Development teams, to ensure there are consistent and streamlined processes to implement security and compliance management activities.
Responsibilities:
Application Security:
- Manage the code security assessment pipeline and set development team expectations.
- Collaborate with technology teams to review assessment reports and define remediation plans.
- Identify opportunities to enhance security testing efficiency.
- Develop new methods to prevent security vulnerabilities and track remediation efforts.
- Make decisions on using static source code analysis tools, dynamic application security tools, and manual penetration testing resources.
- Provide weekly metrics on completed assessments and identified vulnerabilities.
- Establish security testing standards.
- Conduct research and create innovative security tools.
Incident Response:
- Maintain Intrusion Detection and Intrusion Prevention Systems (IDS/IPS).
- Produce and report forensic analysis of cloud workloads (AWS, Azure).
Cloud Security:
- Research, create, and script policies as code for AWS, Azure, or GCP services using YAML, CloudFormation, Terraform, and other relevant scripting languages.
- Develop policies that automate and enforce security controls in cloud environments.
- Formulate and script policies for Infrastructure as Code (IaC) scanning, addressing misconfigurations and compliance issues.
Preferred Qualifications:
- Bachelor's degree required, preferably experience in cybersecurity, computer science, information systems, or equivalent.
- 2+ years hands-on experience with IT Application development
- 2+ years hands-on experience with IT Cloud administration
- Exceptional planning, organization, communication, presentation, multitasking, prioritization, and business analysis skills
- Extensive knowledge and understanding of IT regulatory control frameworks (ITIL, COBIT, etc.)
- Possess strong working knowledge of information security standards and frameworks (NIST, ISO, SOC, etc.)
- Experience working with outsourced organizations and third-party vendors preferred.
- Advanced written and verbal communication skills
- Strong interpersonal skills
- Strong analytical skills and the ability to understand and document complex business process dataflow.
Travel Requirements: Typically requires overnight travel less than 10% of the time.
Location: Tallassee, AL, Duluth, GA
#HP1
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
Operations