What are the responsibilities and job description for the Security Analyst position at TriOptus?
Title: Security Analyst
Location: Olympia, WA
Job Description:
• Strong understanding of cloud computing technologies including, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
• Proficient in designing security controls, security tools needs/assessment and technology services.
• Experience working with containerized and micro architecture platform as per the industry best practices.
• Excellent understanding of securing Software Development Life Cycle (SDLC), architecture design and IT operations, and integrating application security into CI/CD pipeline.
• Experience working with threat modeling frameworks (e.g., STRIDE, MITRE ATT&CK, etc.).
• Experience with common vulnerability management process including scanning, analyzing, reporting, remediation planning and tracking.
• Experience working with application security testing tools such as dynamic application security testing, static application security testing, mobile application security testing, source code analysis, vulnerability management.
• Experience with common networking tools (e.g., Wireshark, tcpdump, netcat).
• Experience with security incident or breach investigation and development of strategies to respond to and recover from an incident or breach.
• Familiar with application vulnerability/security frameworks and standards such as OWASP, SANS, CVE, CWS, CVSS, etc.
• Experience in a Health Exchange or its partners would be a plus.
• CompTia Security , CISSP or other industry recognized certifications.
• Experience with administering serverless, cloud-based enterprise applications and environments.
• Experience and general understanding of object-oriented coding (Java, Python, .Net, etc.).
• Excellent understanding of emerging cybersecurity threats.
• Understanding of core Internet protocols and routing (e.g., DNS, HTTP, HTTPS, TCP/IP, UDP, IPSEC, routing protocols, etc).
• Operational understanding of cryptography fundamentals (e.g., SSL/TLS, password security, filesystem encryption, etc.).
• Good understanding of security information and event management tools.
· Cloudflare
· Azure Sentinel
· Tenable Nessus
· Rapid7 AppSec, Insight Vulnerability Management
· BurpSuite
· Ostorlab
· Microsoft Defender
· RecordedFuture
· KnowBe4
· Microsoft Purview
· Microsoft Threat Model
· Jira
· Confluence
· SolarWinds Orion
· PowerShell
· GitHub
· GitHub Advanced Security
· SolarWinds ServiceDesk
· SQL Server Studio
· Postman
