Information Security Analyst

• Partner with software development teams to integrate security practices into the software development process.
• Ensure that SDLC processes comply with ISO27001 and SOC2 audit standards within agreed timeframes.
• Conduct internal audits of SDLC controls.
• Manage secure code review processes, threat modeling, and application security assessments.
• Develop and maintain policies, coding standards, and best practices for developers.
• Maintain and support internal security systems relevant for secure software development.
• Identify and correct issues with vendors, suppliers, and subcontractors as required.
• Identify security gaps and manage gap mitigation.
• Participation in audit, incident response and access review processes.
• Serve as the primary point of contact for technology vendors, coordinating support activities, managing vendor relationships, and ensuring timely resolution of issues.
• Champion good security practices and assist developers with questions.
• Act as project manager for information security projects.

• Bachelor’s of science in cybersecurity required; master’s preferred.
• At least five years’ experience in the information security field and at least 2 years within software development
• Experience with Microsoft Azure, O365, and PowerShell.
• Experience with software tools which facilitate secure SDLC.
• Experience completing ISO27001, and SOC2 audits.
• Experience with regulatory compliance (GDPR, CCPA, PCI).
• Good understanding of information security principles.
• Ability to explain complex theories to development staff.
• Strong knowledge of operating systems and related security issues (Windows, Linux, mobile).
• Strong knowledge of network security systems and practices.
• Strong knowledge of encryption technologies and common issues.
• Any security certification or progress towards a certification is a plus.
• Strong desire to learn, research, and problem solving.
• Excellent communication skills.

K2 Integrity