Senior Information Security Analyst
Company: Hexagon AB
Location: Madison, AL 35758
Description:
Hexagon Safety, Infrastructure and Geospatial is seeking a Senior Information Security Analyst to improve, implement and help enforce Information Security Standards and best practices within the organization. The role focuses on integrating security processes and tools across the development organization, such as application security reviews, penetration testing, threat modeling, business continuity and disaster recovery, and Azure security best practices for applications being developed in the cloud. Candidates must be able to approach security with a pragmatic perspective of risk management and avoid purely academic thinking about software security. Responsibilities will include:
- Conduct vulnerability analysis, assessments and remediation
- Manage regular security reviews with the product development teams.
- Conduct threat research and lead threat assessments with application and infrastructure teams.
- Work with the IT team to establish disaster recovery plans.
- Develop and implement effective security policies and protocols in conjunction with management.
- Assist the company in gaining additional security certifications.
- Conduct and/or lead penetration testing to simulate attacks and identify weak points.
- Evangelize cyber-security best practices within the development teams and build security expertise across the organization.
- Conduct internal and external Cyber Forensics deep-dive incident analysis initiatives
- Respond to events in real time and prepare detailed incident response reports.
- Stay up to date on the latest intelligence, including hackers' methodologies, to anticipate security breaches.
- Recommend security enhancements to management or senior IT staff.
- Install and operate firewalls, encryption programs, and other security software.
- Develop and promote best practices for information security.
- Defend a company's systems and network from online threats.
- Mandatory: A completed bachelor's degree in Computer Science, Cybersecurity, or a related technical field.
- Mandatory: 7+ years of progressively more complex Information and Application Security experience at a medium to large size software company.
- Mandatory: Familiarity with industry standards and regulations including but not limited to ISO27001, SOC2, CRA, NIS2, NIST, CJIS, and PII
- Mandatory: In-depth experience with common security tools across SAST, DAST, IAST, and PenTest vendors is a plus.
- Mandatory: Strong personal ethics and understanding of ethics in Application and Information Security
- Familiarity with agile development processes and experience integrating secure development best practices into an agile model; Microsoft SDL experience is a plus.
- Software engineering experience with Microsoft and/or Java web applications; specific experience with ASP.NET, Angular, and Apache/Tomcat is a plus.
- Certifications such as CISSP, CompTIA, Microsoft Azure certifications (such as AZ 500), or others are a plus.