The Judge Group - Boston, MA

posted 17 days ago

Full-time - Mid Level
Remote - Boston, MA
Administrative and Support Services

About the position

The Information Security Analyst - III position focuses on enhancing product security within the organization. The role involves collaborating with cross-functional teams to implement a product security framework, conducting penetration testing, and managing security assessments to ensure the integrity of products and solutions. The analyst will also engage in risk assessments, incident response, and strategic initiatives to bolster the security posture of the company's offerings.

Responsibilities

  • Perform formal penetration testing of products and solutions, including remediation planning and solution identification.
  • Conduct threat modeling and vulnerability management, using the associated processes and tools, for all developed products, services, and solutions.
  • Research, document, and discuss security findings with management and product management teams.
  • Perform design and implementation security reviews for all products and ensure adoption of product security framework and policies.
  • Provide feedback and verification of remediation for the identified vulnerabilities.
  • Provide clear and concise reporting of vulnerabilities and defects with potential resolutions and recommendations.
  • Track and report adherence to product security requirements throughout the software development lifecycle, pre- and post-commercialization.
  • Propose and evaluate innovative new security features that could benefit our products.
  • Develop technical solutions to address security weaknesses and collaborate with relevant stakeholders to effectively implement them in our products.
  • Assist with security incident response as needed.

Requirements

  • Expertise in conducting application security assessments covering threat modeling, design reviews, project management, and in-depth implementation audits.
  • A minimum of 2 to 5 years of industry experience in security and development.
  • Solid foundation in formal penetration testing, ethical hacking of embedded systems, web applications, and complex networked systems.
  • Demonstrated knowledge of product security requirements and secure coding standards, e.g., NIST SP 800-53, ISO/IEC 27001, OWASP, SEI CERT, and MS Secure Coding Standards.

Nice-to-haves

  • Engaging business and technology stakeholders at all levels to gather long-term goals and requirements.
  • Demonstrating hands-on engineering experience with enterprise security technology.
  • Contributing to a central technology service organization.
  • Navigating a matrix organization.
  • Collaborating with multiple stakeholders across functional and technical skill sets.