
    Sr. Analyst - Chicago, United States - CNA

    CNA
    Description

    You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.

    CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them - and their family members - achieve their physical, financial, emotional and social wellbeing goals.

    For a detailed look at CNA's benefits, check out our Candidate Guide.

    A secure Software Development Lifecycle (SDLC) analyst is responsible for the security-related design, execution and testing of an application or service and the data it handles. The responsibilities encompass all phases of an application's lifecycle, and include incorporation of CNA's processes and standards to minimize or eliminate risk to the company, the application or service, and the data.

    The analyst will evaluate an application or service using architecture and design documents, code reviews, static testing, dynamic testing, company standards, industry guides and established best practices. When a vulnerability or risk is encountered, the analyst will provide recommendations to developer teams and stakeholders and select security controls to minimize or eliminate the risk. The analyst will take what is learned and improve automation, CI/CD pipelines and standards to refine processes for all company apps and services.

    JOB DESCRIPTION:

    Essential Duties & Responsibilities

    1. Participate in the implementation of the secure Software Development Life Cycle (SDLC), and be responsible for security solution reviews, security design and technical assessment for business departments.
    2. Research new software development technologies and concepts and make improvement suggestions.
    3. Improve the secure SDLC, build the standard system, and formulate relevant security standards and requirements.
    4. Read and understand security test reports. Provide advice on patching vulnerabilities and follow up on risk mitigation.
    5. Evaluate the risk points of mainstream application frameworks and develop security solutions to provide security support for each business line.
    6. Build and maintain internal tools to streamline the software development process and enhance productivity.
    Skills, Knowledge & Abilities
    • Solid understanding of OWASP Top 10 vulnerabilities, and of the principles, utilization, patching and reinforcement of various vulnerabilities
    • Understanding of Rapid Application Development, like Waterfall and Agile
    • Familiarity with the implementation of enterprise's SDLC process and standards
    • Experience in building and maintaining secure SDLC for companies and enterprises, including following and authoring standards
    • Familiarity with automation and CI/CD pipelines, and the ability to modify a pipeline to ensure an application meets enterprise standards
    • Technical knowledge of black box testing methods and paths, and tools used for manual testing like BurpSuite and ZAP Tool
    • Proficiency in at least one programming language such as HTML/JavaScript/CSS, Java Enterprise, Python, PHP, Go, C, etc.
    • Ability to perform source code audits in multiple languages, including HTML/JavaScript/CSS, Java Enterprise, and Visual Basic/C#/.Net
    • Proficiency in reading architecture and design documents, threat models, trust models, and related code
    • Ability to interview development teams to understand the design and implementation of an enterprise application and its interactions with third party services
    • Understanding of Operating Systems concepts and security services, like permission systems, ACLs, Keychains, APIs, etc. The ability to design an app that takes advantage of the security services.
    • Understanding of Platform design and security services, like Java, .Net, Google Cloud Platform (GCP) or Amazon Web Services (AWS). The ability to design an app that takes advantage of the security services.
    • Understanding of different architecture and design choices, like an on-prem app versus an app in Google Cloud Platform (GCP), Amazon Web Services (AWS) or Salesforce.
    • Understanding of common vulnerabilities for components such as authentication, authorization, auditing, session management, secure storage, secure channels and logging. Experience with independently exploring business logic vulnerabilities would be a bonus
    • Understanding of common security controls, and the ability to place security controls to mitigate vulnerabilities
    • Understanding of risk management frameworks, like NIST Risk Management Framework (RMF) and SP 800-53a
    Education & Experience
    • Bachelor's degree, in a related discipline, or equivalent
    • Typically a minimum of seven years of related work experience.
    • 2+ years of software development experience
    • 2+ years working with open source projects
    • 2+ years working with automation and CI/CD pipelines
    • 2+ years working with stakeholders, like development teams, business owners, management and vendors
    • 3+ years of experience working with secure SDLCs, processes and standards
    • 2+ years of experience vulnerability mining at the framework level is preferred
    • 3+ years of experience with common SAST/DAST tools, like Coverity, HP Fortify, Snyk, and Veracode
    • 2+ years working with cloud services like Google Cloud Platform (GCP), Amazon Web Services (AWS) and Salesforce
    • 2+ years of experience working with risk management frameworks, such as NIST Risk Management Framework (RMF) and SP 800-53a
    CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact
