Innova Solutions is seeking a Security / Remediation Analyst (App Sec) for a client in the STL area.
Position : Full-time - Contract.
Duration : 6++ Months (possibility to convert to FTE).
Location : Maryland Heights, MO - This is a mostly onsite role. 4 days onsite / 1 day remote.
MUST Have at least one current Certification - AWS or Cybersecurity.
Total experience required is a minimum of 8 years of IT and 4 years of Security.
JOB SUMMARY
This position is within the Software Development and IT organization of a Fortune 100 company, in a department supporting the front-end applications and edge services facilitating residential and SMB sales orders.
Our team enables the department’s success by creating quality documentation, improving internal processes, and driving efforts to improve our security posture and remediate compliance issues.
RESPONSIBILITIES
In a typical month, this person will spend most of their time analyzing vulnerability and risk findings, validating remediation claims, and reporting on remediation progress. The remainder of their time will go to updating knowledge documentation, learning and documenting complex procedures, facilitating risk assessments, responding to audit and security team requests for information, and submitting compliance-related questionnaires regarding technical aspects of application platforms.
Some of this security analyst's responsibilities include:
- Creating and maintaining documentation on security related tools, processes, and best practices.
- Collaborating with technical teams to improve observability.
- Investigating security breaches and other cybersecurity incidents.
- Assessing risk findings, assigning them to fix teams, and reporting remediation efforts and related challenges.
- Gathering key information for exception requests, including risk details, action plans, and remediation dependencies.
- Partnering with security teams to improve data quality in security tools and external reports.
- Clearly defining and developing new policies, processes, and training documents.
- Hosting meetings with members of application, security, and leadership teams to communicate updates and changes to security postures.
- Validating rendered evidence meets requirements to resolve compliance issues.
- Educating application teams on security subject matter.
To be successful, this person must possess a strong understanding of the wide array of AppSec and InfoSec tools, protocols, and best practices applicable to application platforms, including their infrastructure.
This person must also be experienced in determining root cause and risk in consideration of environmental variables. Additionally, this person must have experience maintaining team documentation, speaking in meetings, escalating issues, and driving teams to deliver work.
The ideal person will have a minimum of 8 years of experience in software engineering, cybersecurity, and / or cyber-audit, and will clearly express the following characteristics and competencies :
- Strong verbal communication skills. Must be comfortable speaking in front of audiences including technical teams and senior leaders, including VPs.
- Strong written communication skills with the ability to produce quality literature and technical documentation.
- The ability to collaborate with technical teams to define, improve, and document procedures to meet compliance requirements.
- Diligence in following up on action items and inquiries.
- Strong knowledge in security standards and practices for both on-premises and AWS environments; CCSP, CISSP, or other cloud-focused application security certifications are a big plus.
- Familiarity with Data Center and AWS infrastructure, including data center network architectures, virtualization, containerization, and AWS products / offerings.
- Ability to perform analysis and tests to validate findings and remediation claims.
- A strong knowledge of ITIL operations and agile development practices. Experience working in a DevSecOps culture is a plus.
- Experience in a software engineering or project manager role is strongly desired.
Application and Information Security
Core Competencies
o Expertise in reading CVE documentation and determining remediation requirements and dependencies.
o Strong knowledge of application security tools and technologies with hands on experience as a power user in multiple vulnerability detection products.
o Solid understanding of information security controls, principles, and best practices.
o Familiarity with PKI certificate management, network cryptography, and network security controls.
Nice To Haves
o Experience working in CrowdStrike Falcon and / or maintaining CrowdStrike sensors.
o Experience working in Cisco Kenna.
o Experience working in a DevSecOps culture.
o CSSP, CCSP, CSSP, CISA or similar certification.
No Interest
o Primarily reported vulnerabilities and remediation status without becoming directly involved in the remediation process.
Compliance
Core Competencies
o Experience working on an application team with core responsibilities in remediating compliance issues or as an auditor assessing the standings of application or infrastructure teams.
o Experience creating and maintaining procedural documentation used as evidence in compliance assessments.
o Advised and worked on viable process and / or technical solutions to resolve compliance requirements.
Nice To Haves
o Strong knowledge of PCI DSS requirements.
o Experience working with Archer IRM and / or AuditBoard.
o Experience representing technical teams in meetings, responding to auditors.
o Experienced in identifying compensating controls and documenting action plans.
No Interest
o Responded to and assigned findings and reported on status without becoming directly involved in the remediation process.
General Skills and Knowledge
Knowledge
o Solid understanding of Scrum, SAFe, Kanban, and Waterfall.
Work Experience
o 8+ years in technology teams working in or around ITIL structured environments.
o 4+ years in positions at least 50% dedicated to remediating security or compliance issues.
o Experience validating technical and non-technical work to ensure requirements are satisfied.
o Solid understanding of enterprise and application architecture models strongly desired, including monolithic and microservice architecture.
Key technologies : Unix, Java, JavaScript, AWS.
o At least 2 years as a systems engineer or software engineer, or as an analyst responsible for translating business or functional requirements into technical solutions is strongly desired.
o Expertise in Microsoft Excel or an equivalent spreadsheet tool, with proficiency in combining functions (e.g., ISNA, IF, VLOOKUP) for data analysis.
o Experience documenting in Atlassian Confluence using macros is desirable.
PAY RANGE AND BENEFITS :
Pay Range* : $45-50 / hr W2
Pay range offered to a successful candidate will be based on several factors, including the candidate's education, work experience, work location, specific job duties, certifications, etc.
Benefits : Innova Solutions offers benefits (based on eligibility) that include the following : Medical & pharmacy coverage, Dental / vision insurance, 401(k), Health savings account (HSA) and Flexible spending account (FSA), Life Insurance, Pet Insurance, Short-term and Long-term Disability, Accident & Critical illness coverage, Pre-paid legal & ID theft protection, Sick time and other types of paid leave (as required by law), Employee Assistance Program (EAP).