Information Security Analyst @ Learning A-Z | Jobright.ai
Information Security Analyst jobs in Concord, MA
64 applicants

Learning A-Z · 2 days ago

Information Security Analyst

E-Learning Providers

Responsibilities

Design and build an end-to-end enterprise application security program which includes both a centralized and decentralized model for application security testing, code scanning, issue tracking, issue remediation, key metrics, application logging
Run large scale programs that span the enterprise to deploy and manage dynamic scanning solutions
Configure and tune web application firewall rules as needed.
Evaluate third-party tools and solutions from a security perspective
Work with architecture team to implement best practices around cookie and session storage
Develop, maintain and promote baseline security testing framework into part of regression testing
Develop, maintain, and report on key application security metrics – both as a program and on an individual basis; creating metric templates and scoring models
Coordinate with engineering, business, and technical subject matter specialists to identify and mitigate Information Security issues and incidents
Assist with Pen Testing of web-facing applications and run DAST for vulnerability assessment
Perform security monitoring. Follow up on alerts from Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) systems
Manage and design the issue management around web application vulnerabilities, their tracking, reporting, metrics, resolution, and validation. Take a proactive approach to dealing with threats by using threat analysis to determine the most vulnerable components of an application and fortifying them.
Conduct deep-dive sessions with development teams and understand attack surface, threats, security controls and security design flaws
Perform Risk Assessment in accordance with ISO27001 requirements and develop appropriate Risk Treatment Plans by working with asset owners.
Work on a cross-department team to help complete security-related questions on RFPs and customer compliance documents.

Qualification

Application Security, Security Testing, Penetration Testing, Metasploit, Information Security, Web Protocols, Infrastructure Security, EDR Tools, Front-End UIs, Back-End Systems, Web Application Firewalls, Design Reviews, Vulnerability Remediation, Defect Fixes, Development Collaboration, OWASP Best Practices, Malware Detection, Problem-Solving, Communication

Required

5-7 years of application security experience, including demonstrated experience with security testing of applications using SAST and DAST
Pen-testing experience against Windows, Linux, OSX, and mobile platform environments. Experience with Metasploit or similar tools is a plus.
Bachelor’s Degree or equivalent experience in computer science, engineering, Information Systems or related technical field
Information Security Certifications – GWEB, CSSLP, CASE, CASS, GIAC, CompTIA Security+, AWS certification, CEH, Pen Testing certifications a plus
Understanding of web protocols and tools, and well-versed in application security and infrastructure security
Experience with Cylance, Beyond Trust and other EDR tools a plus
Technical knowledge of front-end UIs through to back-end systems and all points in between
Experience with web application firewalls (WAF) such as Cloudflare.
Experienced in design reviews, application security architecture and best practices
Experienced in remediating vulnerabilities and defect fixes by working closely with development leads and engineers
Must have exceptional communication skills
Familiar with Open Web Application Security Project (OWASP) best practices
Knowledge of or experience with malware detection and prevention.

Company

Learning A-Z

Learning A-Z is a literacy-focused PreK–6 education technology provider.

Funding

Current Stage
Growth Stage

Leadership Team

Bob Holl
Founder
Sarah Krause
Regional Director - Educational Partnership
Company data provided by crunchbase