Security Analyst III

PTO Security Analyst

What you will be doing :

The job of a PTO Security Analyst is to support the 'Permit to Operate' assessment gate by performing security control assessments for applications that are deploying changes to production, and participate in projects in support of PTX metrics and control automation.

Employee Duties & Responsibilities

• Participate in "Permit to Operate" (PTO) control assessments for applications requesting permission to deploy architectural changes to Production
• Support the adoption and integration of new controls into the PTO workflow and approval process.
• Communicate PTO control requirements to application teams.
• Evaluate Architecture Design requirements against the applicable security control requirements and identify gaps and remediation options.
• Coordinate meetings with engineering and application teams.
• Research information and train within the security architecture and control-based assessment disciplines.

Abilities

• Work under the supervision of Senior Architects and Analysts.
• Ability to organize many types of documents and meetings on a daily basis.
• Identify complex problems and review related information to develop and evaluate options and implement solutions.
• Manage own time and coordinate the time of others.
• Knowledge of cyber security, architecture principles, and Information Technology procedures.
• Working knowledge of public cloud technologies and security configurations.
• Ability to listen, understand, and collect information presented through presentations or verbal meetings.

Requirements :

• Bachelor year degree plus and 4+ years of work experience in IT or Security
• Knowledge of IT control frameworks such as ITIL, NIST 800-53, ISO 27000
• Certification in one or more of the following is a plus : ITIL, CISSP, CISA, CCSK, CCSP, GCP Security Engineer, Azure Security Engineer, or similar.

Required Skills :

Basic Qualification : o Experience / familiarity with a variety of IT services (servers, containers, cloud deployments, Identity and Access, Privileged access, infrastructure as code) o Experience / familiarity with Cyber domain (vulnerability management, identity and access, encryption at rest and in transit, security logging and monitoring) o Familiarity with network and application architectures, ability to review diagrams.

Good communication skills is a MUST HAVE. This individual will be communicating with application teams across the bank about their security assessments.

Additional Skills : o Experience / familiarity with a variety of IT services (servers, containers, cloud deployments, Identity and Access, Privileged access, infrastructure as code) o Experience / familiarity with Cyber domain (vulnerability management, identity and access, encryption at rest and in transit, security logging and monitoring) o Familiarity with network and application architectures, ability to review diagrams.

Good communication skills is a MUST HAVE. This individual will be communicating with application teams across the bank about their security assessments.

Background Check : Yes

Notes :

Selling points for candidate :

Project Verification Info :

Candidate must be your W2 Employee : Yes

Exclusive to Apex : No

Face to face interview required : No

Candidate must be local : Yes

Candidate must be authorized to work without sponsorship : : No

Interview times set : : No

Type of project :

Master Job Title : Misc : Non-Technical

Branch Code : Pittsburgh