Information Security Analyst
Remote
Cambium Learning Group
The Education Essentials company. Cambium provides award-winning education technology and supplemental K-12 solutions.
Job Overview:
As an Information Security Analyst at Learning A-Z, you will play a crucial role in protecting our organization's sensitive information and ensuring compliance with regulatory standards. You will support Learning A-Z’s existing Information Security programs, evaluate our security processes for adequacy, and provide technical and data support for improving our security posture and the effective use of Information Security capabilities and tools. Additionally, you will work closely with cross-functional teams to assess risks, implement security measures, and respond to security incidents.
Job Responsibilities:
Design and build an end-to-end enterprise application security program that includes both a centralized and a decentralized model for application security testing, code scanning, issue tracking, issue remediation, key metrics, and application logging
Run large-scale programs that span the enterprise to deploy and manage dynamic scanning solutions
Configure and tune web application firewall rules as needed
Evaluate third-party tools and solutions from a security perspective
Work with architecture team to implement best practices around cookie and session storage
Develop, maintain, and promote a baseline security testing framework as part of regression testing
Develop, maintain, and report on key application security metrics – both as a program and on an individual basis; creating metric templates and scoring models
Coordinate with engineering, business, and technical subject matter specialists to identify and mitigate Information Security issues and incidents
Assist with Pen Testing of web-facing applications and run DAST for vulnerability assessment
Perform security monitoring. Follow up on alerts from Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) systems
Manage and design the issue management around web application vulnerabilities, their tracking, reporting, metrics, resolution, and validation. Take a proactive approach to dealing with threats by using threat analysis to determine the most vulnerable components of an application and fortifying them.
Conduct deep-dive sessions with development teams and understand attack surface, threats, security controls and security design flaws
Perform Risk Assessment in accordance with ISO 27001 requirements and develop appropriate Risk Treatment Plans by working with asset owners.
Work on a cross-department team to help complete security-related questions on RFPs and customer compliance documents.
Job Requirements:
5-7 years of application security experience, including demonstrated experience with security testing of applications using SAST and DAST
Pen-testing experience against Windows, Linux, OSX, and mobile platform environments. Experience with Metasploit or similar tools is a plus.
Bachelor’s Degree or equivalent experience in computer science, engineering, Information Systems or related technical field
Information Security Certifications – GWEB, CSSLP, CASE, CASS, GIAC, CompTIA Security+, AWS certification, CEH, Pen Testing certifications a plus
Understanding of web protocols and tools; well-versed in application security and infrastructure security
Experience with Cylance, Beyond Trust and other EDR tools a plus
Technical knowledge of front-end UIs through to back-end systems and all points in between
Experience with web application firewalls (WAF) such as Cloudflare.
Experienced in design reviews, application security architecture and best practices
Experienced in remediating vulnerabilities and defect fixes by working closely with development leads and engineers
Must have exceptional communication skills
Familiar with Open Web Application Security Project (OWASP) best practices
Knowledge of or experience with malware detection and prevention.
Why Work With Us?
When you work with Learning A-Z, you’ll be helping students across the globe develop the comprehension, curiosity, and continued joy of learning they need to succeed in today’s world.
We’ve been awarded numerous accolades from a wide variety of edtech organizations. Our flagship products Reading A-Z, Raz-Kids, and Raz-Plus are beloved by teachers and students alike, and are currently used by approximately 1/5 of public students in the United States.
To learn more about our organization and the exciting work we do, visit www.learninga-z.com.
An Equal Opportunity Employer
We are dedicated to fostering a culture that celebrates unique backgrounds, ideas, and experiences. All qualified applicants will receive consideration for employment without discrimination on the basis of race, color, age, religion, sex, gender, gender identity/expression, sexual orientation, national origin, protected veteran status, or disability.