Information Security Analyst - Fort Worth, United States - Zillion Technologies

    Description

    Position: Information Security Analyst (Remote)

    Location: Open to remote

    Assignment Type: 6 months, possible CTH or extension

    Work Authorization: GC and USC

    Must Have: 3+ Threat models, Strong understanding of access controls and authentication mechanisms, PKI, and cryptography

    Preferred: CCSP, OSCP

    Position Overview:

    Information Security Analyst will partner closely and collaboratively with Enterprise Architecture (EA), Developers, Platform Owners, and other areas of the firm to help ensure Freddie Mac provides secure services and solutions.

    Duties and Responsibilities:

    Assess Security Risk from an Architectural Perspective and Apply a Risk-Based Approach to Security

    Generate application threat models in a fast-paced environment

    Manage workloads using Kanban methodologies to estimate and track task deliveries

    Mentor, assist, and share your expertise with team members

    Attend regular standups and team meetings

    Identify and be able to explain security weaknesses to a variety of audiences, including but not limited to software development teams

    Hold brown bag sessions to educate developers on the value and benefit that they and the firm derive by identifying threats early

    Develop training material for how to engage the Threat Management service, make use of technologies, and interpret findings.

    Drive beneficial security change into the business through supporting Developers with creation of threat models for their applications and remediation of potential threats, balancing risk against business need.

    Support the Security Architecture team to develop and mature an Application Threat Modeling Program by defining processes, procedures, controls, KRIs/KPIs, etc., that identify threats early in the development process reducing risks prior to deployment.

    Work with the InfoSec functional teams in the development of the Information Security strategy and roadmap, with a focus on Threat Modeling; liaise and consult with Enterprise Architecture, IT and the business for ongoing input and awareness

    Advise and Contribute to Strategy and Roadmaps

    Qualifications:

    Strong understanding of access controls and authentication mechanisms, PKI, and cryptography

    Demonstrated experience developing technical threat models

    Demonstrated experience performing security code reviews and explaining results to project teams

    Previous or active experience with bug bounty programs

    Experience working in Sprint or Agile environments

    Strong understanding of protocols, networking, firewalls, caching, VIPs, proxies, web applications, and database systems

    Experience with AWS and Azure or working knowledge of GCP

    Knowledge of several of the following programming languages: Java, C#, Python, C++, Node.JS, JavaScript

    Knowledge of one or several of the following frontend frameworks: React, Angular, Ember, Vue

    Minimum of 3 years' experience working as an Information Security Threat Modeling subject matter expert at a senior level

    Minimum of 5 years' experience working as an Information Security Professional, preferably within the architecture or engineering disciplines

    Passion for leading change and ability to bring others along

    (Desirable) Able to provide references to CVEs filed, Bug Bounty Username, or GitHub repositories

    (Desirable) One or more security-related certifications associated with AWS, GCP, or Azure

    (Desirable) CISSP (+ ISSAP), CCSP, CEH, OSCP, CSSLP