- Responds to security alerts created across infosec alerting systems
- Escalates security alerts requiring further investigation
- Creates new security alerts and dashboards as needed
- Performs threat hunting across information security log feeds
- Creates Infosec policies,procedures, playbooks, and workflows
- Monitors for, investigates, and responds to security incidents
- Performs root cause analysis on identified vulnerabilities and identified incidents
- Conduct security reviews and penetration testing across company products and services as needed
- Conduct and assess the results of vulnerability scans and triage vulnerabilities across company products
- Stay informed on the latest vulnerabilities
- Conducts security, vulnerability and risk reviews of systems, applications, and source code through the use of various automated tools and manual testing procedures.
- Address security throughout the SDLC
- Review security findings from container scans, dependency checks and static code analysis tools.
- Manage the bug bounty program
- Perform security reviews of the source code
Requirements:
- Bachelor’s degree in information technology or a related field preferred
- Some experience in information security and IT.
- Has an understanding of infosec concepts such as: cloud infrastructure, application security, vulnerability scanning, penetration testing.
- Some experience with infosec testing tools and scripts.
- Familiar with application development concepts: servers, databases, coding, API’s, containers, logging, troubleshooting.
- Knowledge of various operating systems, ChromeOS, Linux, Mac, Windows.
- Familiar with OWASP top 10 and MITRE ATT&CK Framework.
- Able to navigate the linux command line
- Strong verbal and written communications
- Excellent time management and organization skills
- Excellent Analytical skills
- An understanding of security best practices and frameworks such as NIST, ISO, and CIS
