Information Security Analyst

Remote

Cambium Learning Group

The Education Essentials company. Cambium provides award-winning education technology and supplemental K-12 solutions.

Job Overview:

As an Information Security Analyst at Learning A-Z, you will play a crucial role in protecting our organization's sensitive information and ensuring compliance with regulatory standards. You will support Learning A-Z’s existing Information Security programs, evaluate our security processes for adequacy, and provide technical and data support for improving our security posture and the effective use of Information Security capabilities and tools. Additionally, you will work closely with cross-functional teams to assess risks, implement security measures, and respond to security incidents.

Job Responsibilities:

  • Design and build an end-to-end enterprise application security program which includes both a centralized and decentralized model for application security testing, code scanning, issue tracking, issue remediation, key metrics, and application logging

  • Run large scale programs that span the enterprise to deploy and manage dynamic scanning solutions

  • Configure and tune web application firewall rules as needed.

  • Evaluate third-party tools and solutions from a security perspective

  • Work with architecture team to implement best practices around cookie and session storage

  • Develop, maintain and promote baseline security testing framework into part of regression testing

  • Develop, maintain, and report on key application security metrics – both as a program and on an individual basis; creating metric templates and scoring models

  • Coordinate with engineering, business, and technical subject matter specialists to identify and mitigate Information Security issues and incidents

  • Assist with Pen Testing of web-facing applications and run DAST for vulnerability assessment

  • Perform security monitoring. Follow up on alerts from Intrusion Detection Systems (IDS), and Security Information Event Management (SIEM) Systems

  • Manage and design the issue management around web application vulnerabilities, their tracking, reporting, metrics, resolution, and validation. Take a proactive approach to dealing with threats by using threat analysis to determine the most vulnerable components of an application and fortifying them.

  • Conduct deep-dive sessions with development teams and understand attack surface, threats, security controls and security design flaws

  • Perform Risk Assessment in accordance with ISO27001 requirements and develop appropriate Risk Treatment Plans by working with asset owners.

  • Work on a cross-department team to help complete security-related questions on RFPs and customer compliance documents.

Job Requirements:

  • 5-7 years of application security experience, including demonstrated experience with security testing of applications using SAST and DAST

  • Pen-testing experience against Windows, Linux, OSX, and mobile platform environments.  Experience with Metasploit or similar tools is a plus.

  • Bachelor’s Degree or equivalent experience in computer science, engineering, Information Systems or related technical field

  • Information Security Certifications – GWEB, CSSLP, CASE, CASS, GIAC, CompTIA Security+, AWS certification, CEH, Pen Testing certifications a plus

  • Understanding of web protocols and tools, and well-versed in application security and infrastructure security

  • Experience with Cylance, Beyond Trust and other EDR tools a plus

  • Technical knowledge of front-end UIs through to back-end systems and all points in between

  • Experience with web application firewalls (WAF) such as Cloudflare.

  • Experienced in design reviews, application security architecture and best practices

  • Experienced in remediating vulnerabilities and defect fixes by working closely with development leads and engineers

  • Must have exceptional communication skills

  • Familiar with Open Web Application Security Project (OWASP) best practices

  • Knowledge of or experience with malware detection and prevention.

Why Work With Us?

When you work with Learning A-Z, you’ll be helping students across the globe develop the comprehension, curiosity, and continued joy of learning they need to succeed in today’s world.

We’ve been awarded numerous accolades from a wide variety of edtech organizations. Our flagship products Reading A-Z, Raz-Kids, and Raz-Plus are beloved by teachers and students alike, and are currently used by approximately 1/5 of public students in the United States.

To learn more about our organization and the exciting work we do, visit www.learninga-z.com.

An Equal Opportunity Employer

We are dedicated to fostering a culture that celebrates unique backgrounds, ideas, and experiences. All qualified applicants will receive consideration for employment without discrimination on the basis of race, color, age, religion, sex, gender, gender identity/expression, sexual orientation, national origin, protected veteran status, or disability.

Category: Analyst Jobs

Tags: Application security AWS CEH Cloudflare Compliance CompTIA Computer Science DAST EDR Firewalls GIAC IDS Intrusion detection ISO 27001 Linux Malware Metasploit Monitoring OWASP Pentesting Risk assessment SAST SIEM Vulnerabilities Windows

Perks/benefits: Career development

Region: Remote/Anywhere
