Listing Description
POSITION SUMMARY:
- IPG is seeking a Senior Analyst, Software Applications Security, to join the CISO group. The individual will be responsible for assisting with the implementation of an enterprise-wide software application security program. This position will proactively work with the IPG and agency application development teams, support staff and IT leadership to promote secure software development and active detection of vulnerabilities and exploitable code.
- The Senior Analyst will be directly involved in management of various application scanning tools, script writing and advising on application vulnerability remediation. The ideal candidate is analytical, understands risk and is knowledgeable in application development. Willingness to learn and flexibility are a must, as day-to-day assignments can vary greatly.
ESSENTIAL FUNCTIONS:
- Development experience using Python, BASH, Ruby, or other scripting languages.
- Understanding of OWASP Top 10 and SANS Top 25.
- Understanding of software development CWE classes.
- Understanding of Secure Software Development Life Cycle (SSDLC).
- Knowledgeable about software development-related CIS controls.
- Knowledge of NIST-800-53 and OPA hands-on.
- Knowledge of Zero-trust security will be an advantage.
- Should have exposure to API security.
- Knowledgeable about modern web application frameworks like Node.js, React.js, Angular, Ruby on Rails, Laravel, etc.
- Should have experience of Jenkins, GIT, Bitbucket, JFrog, Quay, ECR, Docker, OCP, Kubernetes.
- Knowledge of cryptography, network, and web related protocols (such as TCP/IP, UDP, HTTP and HTTPS).
- Experienced in cloud-native and container security — Kubernetes and OCP. Must have hands-on experience of CI/CD scans and cloud security posture management tools such as Prisma Cloud, Aquasec or Wiz.
- Candidate should have work experience in multi-cloud environments — AWS, Azure, and GCP.
- Knowledgeable about DevSecOps, Infrastructure as Code, and securing CI/CD pipelines.
- Should have good knowledge of application security, threat modelling, source code analysis, source code composition, and DAST.
- Application security tools — Burp Suite, ZAP, Veracode, Checkmarx, Snyk, Threat modeler, Qualys web scanner, Hashicorp Vault, Prisma Cloud, Aquasec and Wiz.
- Ability to see the big picture and keep it in mind while performing operational activities and vetting vendors and tools, and to apply all these things when helping plan the next phases of our software security program.
- Able to work on multiple projects simultaneously in a fast-paced environment.
- Use development experience to create necessary scripts to meet various needs of the software security program.
- Assist with management of the security champion program with development teams.
- Assist with management of the application scanning program (DAST, SAST, SCA, IAST, etc.), including identifying applications that require scanning, managing onboarding of applications into scanning programs, and working with development teams to understand and remediate findings.
- Research and present on topics to development teams focused on specific application vulnerabilities or application security areas of interest to teams.
- Assist with creating, editing, and revising standard policies and procedures and documentation of technical processes.
- Assist with validating and explaining security vulnerabilities reported via scanning, security researchers, users, etc.
- Participate as needed in incident response, threat hunts, penetration testing, and other tasks as they relate to application security.
- Take on additional responsibilities as applicable.
EDUCATION, SKILLS, AND EXPERIENCE REQUIREMENTS
- 2-4 years of IT/IS experience at a top-ten accounting or cybersecurity firm.
- Graduates who majored in the following programs (or equivalent):
- Management/Computer Information Systems
- Information Assurance
- Cybersecurity
- Accounting/Business major who completed basic MIS/IT courses
- In the process of or have already taken the exam for an IS-related certification (e.g., CISSP).
BENEFITS OF JOINING IPG:
One of our primary goals is to support the health and well-being of you and your family. Our compensation plan includes the following benefits, in addition to many others:
- Healthcare Options
- Medical
- Dental
- Vision
- Prescription
- Dependent and Health Care Flexible Spending Accounts
- 401(k) savings plan with company match
- Flexible based Paid Time Off
- Employee Assistance Program
- Legal Assistance Plan
- Tuition Reimbursement
- Employee Stock Purchase Plan
- Exclusive discounts on cell phones, gyms, and everyday purchases
IPG is an equal opportunity employer and we value diversity, inclusion and equity at our company. We do not discriminate on any unlawful basis including race, religion, color, national origin, disability, gender, sexual orientation, age, marital status, veteran status, or any other basis prohibited by law.