Senior Information Security Analyst
4 weeks ago
JOIN OUR WINNING TEAM AS A SENIOR INFORMATION SECURITY ANALYST
AT CARFAX WE ARE CONSTANTLY EXPANDING OUR PRODUCT AND TECHNOLOGY OFFERINGS This means we are continually bringing new, innovative products to market through exciting technology initiatives to help our customers. Come join the success in Biz Tech. As a Senior Information Security Analyst, you will be responsible for guiding technical teams in building secure products in a DevOps model. The position is targeted to enable better security as part of the software development lifecycle through simple and automated tools that are easily integrated into a developer's workflow. See if you have what it takes to join Team CARFAX
THE TECH CULTURE AT CARFAX CULTURE Having a creative and innovative environment where our developers can collaborate, learn and grow is something CARFAX is passionate about. We have an entire floor dedicated to our techies, designed specifically to enable teams to dream big and produce the best. Along with creating and maintaining awesome software you’ll also be able to participate in our quarterly Hack-a-thon’s or take a break by kicking back and playing the latest game on x-box when you need to re-boot the mind. Oh, and do you happen to have a dog? CARFAX is dog-friendly and no day goes by where you don’t have the chance to visit with one of the visiting pups. We even provide the dog beds, bowls and of course, toys
AS A SENIOR INFORMATION SECURITY ANALYST, YOU WILL:
- Technical point of contact for product teams as it relates to automation, CI/CD, and DevSecOps
- Build tools and automation scripts that enable CARFAX developers to easily consume security services
- Improve the accessibility of security through automation, continuous integration pipelines, and other means
- Evaluate and recommend products and services across the corporate security technology stack
- Research and advises on secure Cloud architecture designs to best practice
- Work with teams to identify threats and vulnerabilities by performing threat assessments
- Develop technical assessments for new technologies, 3rd party integration initiatives and provide technical support to facilitate compliance with security policies
- Develop hardened operating baselines utilizing industry standards and best practice
- Develop secure coding guidelines for personnel and provide security awareness and technical training as required
- Perform and/or analyze vulnerability scans and penetration tests to direct other parties in properly mitigating vulnerabilities
- Security incident response technical lead, performs forensic investigations to determine root causes and determine appropriate security response actions
QUALIFICATIONS:
- Bachelor's degree in computer science/related technical field or equivalent experience
- 6+ years of experience developing secure software products using TDD/Agile/XP/Lean methods
- Background in developing and release of software products in cloud, ecommerce and mobile environments
- Experience in various development tools, such as Jenkins, GitHub
- Comfortable with scripting languages, such as Python, Perl, PowerShell or others
- Familiar with common APPLICATION STACK technologies (e.g., HTTP, HTML5, AJAX, REST, JSON, etc.) and PLATFORMS (e.g., AWS, ReactJS, AngularJS, JAVA, Spring Boot, MySQL, MongoDB, Hadoop, iOS, Android, etc.)
- Familiar with containers and container management platforms including Kubernetes
- Working knowledge of core CRYPTOGRAPHY concepts (Encryption, Key Storage, Hashing, Crypto Libraries, etc.) and how they are applied and attacked in applications
- Hands-on experience with port and network scanners (Nessus, Nexpose, Nmap)
- Experience with web application scanners (Netsparker) and SAST/DAST testing platforms including Veracode
- Experience working with leading firewall, network scanning and intrusion detection products and authentication technologies (Cisco ASA Firepower, F5 ASM, Sourcefire, Okta, etc.)
- Experience working with logging, alerting and file integrity monitoring tools
- Deep knowledge of common application vulnerabilities, current threat vectors and mitigations.
- Knowledge of IP protocols, networks, security architectures and security threats in an IP network
- Familiarity with IT security standards, compliance regulations and best practice frameworks (ISO 27001, ISO 27002, NIST, OWASP, SANS, SOX, ITIL, PCI DSS)
- Any of these preferred security certifications (CISSP, CSSLP, CEH, GSSP, GWEB)
ABOUT CARFAX
CARFAX, a unit of IHS Markit (Nasdaq: INFO), helps millions of people every day confidently shop, buy, own and sell used cars with innovative solutions powered by Carfax vehicle history information. The expert in vehicle history since 1984, Carfax provides exclusive services like Carfax Used Car Listings, MyCARFAX, Carfax History-Based Value and the flagship Carfax® Vehicle History Report™ to consumers and the automotive industry. Carfax owns the world's largest vehicle history database and is a nationally recognized top workplace by The Washington Post and Glassdoor.com. Shop, Buy, Own, Sell – Show me the Carfax™. Based inLondon, IHS Markit is a world leader in critical information, analytics and solutions.
-
Senior Information Security Risk Analyst
1 month ago
Columbia, United States Farm Credit Full timeSenior Information Security Risk Analyst (Hybrid in Columbia, SC) AgFirst's Senior Information Security Risk Analyst identifies, investigates, analyzes, and recommends information security guidance to ensure bank assets and processes maintain confidentiality, integrity, and availability while assessing against all applicable regulations, industry standards,...
-
Senior Information Security Risk Analyst
2 weeks ago
Columbia, United States Farm Credit Full timeSenior Information Security Risk Analyst (Hybrid in Columbia, SC) AgFirst's Senior Information Security Risk Analyst identifies, investigates, analyzes, and recommends information security guidance to ensure bank assets and processes maintain confidentiality, integrity, and availability while assessing against all applicable regulations, industry standards,...
-
Senior Information Security Risk Analyst
2 weeks ago
Columbia, United States AgFirst Full timeJob Description Senior Information Security Risk Analyst (Hybrid in Columbia, SC) AgFirst's Senior Information Security Risk Analyst identifies, investigates, analyzes, and recommends information security guidance to ensure bank assets and processes maintain confidentiality, integrity, and availability while assessing against all applicable regulations,...
-
Senior Information Security Risk Analyst
2 weeks ago
West Columbia, United States Farm Credit Council Full timeSenior Information Security Risk Analyst (Hybrid in Columbia, SC) AgFirst's Senior Information Security Risk Analyst identifies, investigates, analyzes, and recommends information security guidance to ensure bank assets and processes maintain confidentiality, integrity, and availability while assessing against all applicable regulations, industry standards,...
-
Senior Information Security Risk Analyst
4 weeks ago
West Columbia, United States AgFirst Full timeJob Description Senior Information Security Risk Analyst (Hybrid in Columbia, SC) AgFirst's Senior Information Security Risk Analyst identifies, investigates, analyzes, and recommends information security guidance to ensure bank assets and processes maintain confidentiality, integrity, and availability while assessing against all applicable regulations,...
-
Information Security Analyst II
4 weeks ago
Columbia, United States Maxim Healthcare Services Full timeThe Information Security Analyst II will provide service and operational support to all Maxim Information Security Office service offerings and capabilities. The Information Security Analyst II will support project work upon request along with reviewing security events, incidents, and conduct additional analytics to determine if events require additional...
-
Information Security Analyst II
1 week ago
Columbia, United States Maxim Healthcare Services Full timeJOB DESCRIPTION The Information Security Analyst II will provide service and operational support to all Maxim InformationSecurity Office service offerings and capabilities. The Information Security Analyst II will support projectwork upon request along with reviewing security events, incidents, and conduct additional analytics todetermine if events require...
-
Information Systems Security Officer 2
4 weeks ago
Columbia, United States iNovex Information Systems Full timeJob Brief IAM Level 1, Nessus Scanning, NMAP, Splunk. Job Description We're searching fortalented individuals who provide intelligence, engineering, and mission management expertise for the Government. This opportunity supports an Enterprise IT contract with a team of 60+ engineers responsible for the architecture, engineering, integration, operations,...
-
Information Systems Security Officer 2
3 weeks ago
Columbia, United States iNovex Information Systems Full timeJob Brief IAM Level 1, Nessus Scanning, NMAP, Splunk. Job Description We're searching fortalented individuals who provide intelligence, engineering, and mission management expertise for the Government. This opportunity supports an Enterprise IT contract with a team of 60+ engineers responsible for the architecture, engineering, integration, operations,...
-
Columbia, United States Information Management Group Full timeDescription: The Information Systems Security Engineer shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non–compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies. Validates and verifies system security requirements...
-
Columbia, United States Information Management Group Full timeDescription: The Information Systems Security Engineer shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies. Validates and verifies system security requirements...
-
Information Systems Security Officer 2
4 weeks ago
Columbia, United States iNovex Information Systems Full timeJob Brief security scans to identify vulnerabilities and risks Job Description We're searching for talented individuals who provide System Security support. This program will maximize the effectiveness and efficiency of our country's most important missions both at home and abroad. If you are ready to support a high-performing team that truly makes a...
-
Information Systems Security Engineer 2
4 weeks ago
Columbia, United States iNovex Information Systems Full timeJob Brief data management, data delivery, high ingest rate cloud architectures, and analytic platforms. Job Description We're searching for talented individuals who provide System Security support. This program will maximize the effectiveness and efficiency of our country's most important missions both at home and abroad. If you are ready to support a...
-
Information Systems Security Engineer
4 days ago
Columbia, Maryland, United States IMG Information Management Group, Inc. Full timeOpportunity: The Information Systems Security Engineer shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies. Validates and verifies system security requirements...
-
Senior Information Security Engineer
4 weeks ago
West Columbia, United States Segra Full timeSenior Information Security Engineer North Carolina, USA * South Carolina, USA * Virginia, USA * West Virginia, USA Req #1753 Friday, May 10, 2024 Segra is searching for a dynamic and experienced Senior Information Security Engineer to work in a remote capacity in one of the states listed below. After reviewing the following details, if you are interested in...
-
Information Systems Security Officer 2
4 weeks ago
Columbia, United States SCD Information Technology Full timeSCD Information Technology is currently seeking a full-time Information Systems Security Officer 2 to join our team in Ft. Meade, MD. About Us: SCD Information Technology is a small family and woman owned IT services company. SCD IT handles anything from superior structured cabling to information technology solutions for government agencies and...
-
Columbia, United States BJ Concepts Inc Full timeYou will need to login before you can apply for a job. Senior Information System Security Engineer with Security Clearance (U) Functions • (U) Supports the Government in the design, development, implementation, and/or integration of IA architectures, systems, or system components • (U) Provides the Government assistance to ensure that the architecture...
-
Columbia, United States BJ Concepts Inc Full timeYou will need to login before you can apply for a job. Senior Information System Security Engineer with Security Clearance (U) Functions • (U) Supports the Government in the design, development, implementation, and/or integration of IA architectures, systems, or system components • (U) Provides the Government assistance to ensure that the architecture...
-
Senior Information Security Engineer
3 weeks ago
West Columbia, United States Segra Full timeSenior Information Security Engineer North Carolina, USA * South Carolina, USA * Virginia, USA * West Virginia, USA Req #1753 Friday, May 10, 2024 Segra is searching for a dynamic and experienced Senior Information Security Engineer to work in a remote capacity in one of the states listed below. After reviewing the following...
-
Director of Information Security
2 weeks ago
Columbia, United States Maxim Healthcare Services Full timeJOB DESCRIPTION The Director of Information Security is responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management program. Reporting to the Chief Information Officer (CIO), this role provides the vision and leadership necessary to manage organizational risk, ensuring business...
