Become part of the Appriss Information Security team. The Information Security Analyst will assist with daily response to, and monitoring of system security alerts, as well as participating in the discovery, analysis, and remediation efforts of security related issues or vulnerabilities discovered via automated or manual processes. In this job function, employees are expected to apply analytical and creative skills while consuming the output of the security tools and logs generated by applications and systems throughout the enterprise - hunting for behavioral anomalies, unauthorized access, misconfigurations, or reconnaissance activity. Assists with multiple tasks related to annual security initiatives and investigations.
Work as part of a team under minimal supervision; on complex, fast-paced and unique work assignments and recommends appropriate solutions and problem resolution.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Assist with/respond to; daily incoming security related incidents.
Vulnerability analysis and mitigation planning/operations.
Perform web application security testing utilizing automated or manual methods. Basic familiarity with API/Web Application security testing or web application functionality is desired.
Cloud container testing, threat modelling and analysis.
Remain abreast of developments within the field of penetration testing, continually assess the Appriss environment, validate findings and work with stakeholders to drive remediation to completion
Help implement and improve functionality of security tools or process solutions across the enterprise
Required
Bachelor's degree in MIS, Computer Engineering, Cyber Security, IT or related disciplines or 4 years of additional work experience in IT, Information Security, Cyber Security or equivalent experience in lieu of a degree.
CISSP certification or related professional security designation
Establish and maintain positive relationships and communication with all stakeholders
Communicate effectively through verbal and written means to technical and business stakeholders with the right context to drive remediation
Deliver high quality services, documentation, presentations and other related artifacts in a timely manner.
Intermediate knowledge of Linux, MacOS, Windows Server/Client, and cloud architecture.
Basic understanding of scripting languages (Python, Powershell, bash)
Helpful/Preferred
Demonstrated experience/understanding of security tooling - endpoint protection, firewalls, IDS/IPS systems, SIEMs, and automated vulnerability scanners.
Demonstrated experience with security incident response processes and procedures.