Infor

This position is for you if you can demonstrate a passion for information security and have a desire to develop your career to become a member of an elite team of security professionals.

In your role as a Security Analyst, you’ll be inspired by a team of the brightest business and technical minds in cyber security. Our team comprised of Security Engineers and Analysts are performing threat analysis and responsible applying the latest trends to design solutions to address vulnerabilities. We are interested in speaking with candidates that have experience in Application Security Vulnerability Management (SAST & DAST). In this role, you also get to use tools such as Splunk, IDS, IPS. As part of our team, your voice matters, and you

will do important work that has impact, on people and businesses. You'll be responsible for maintaining the integrity and security of enterprise-wide cyber systems and networks for the Infor.

This role will provide technical expertise and work directly with endpoint and infrastructure support teams, as well as drive the vulnerability management program for remediations across the enterprise. You will work with directly with team members as subject matter expert as well as lead for resolution of vulnerabilities, configuration and troubleshooting, and assessment. Your role will support the team across the entire life cycle of vulnerability and configuration management including knowledge and expertise in our tools, asset management, scanning, mitigating controls to assess threat, review of remediation timelines for application related vulnerabilities, projects and reporting. You will be required to track and work with team members across the Infor enterprise for patching and remediation as subject matter expert and liaison.

You will need to have a strong knowledge and experience with Application Security vulnerability management and processes, Windows & Linux operating systems, configuration management and vulnerability scanning are required. Knowledge of cloud and infrastructure support systems and network devices such as FW, WAFs, IDS/IPS, etc. is also required. Along with your technical knowledge, attention to details and follow-up are core requirements to this role.

Our industry and our company move fast, and you can be sure that you will always have room to learn and grow.

Key Responsibilities

Min 5 no more than 10

· Interact with a global team of Cyber Security Analysts, Engineers, and Specialists.

· Participate in and support application security reviews and threat modeling, including code review and dynamic testing.

· Own and perform application security vulnerability management.

· Facilitate and support the preparation of security releases.

· Support and consult with product and development teams in the area of application security.

· Assist in development of automated security testing to validate that secure coding best practices are being used.

· Configure, deploy, and maintains Web Application Firewall solutions

· Monitors systems activities and fine tunes system parameters and configuration to optimize

performance and ensure security of systems.

• Creates WAF rules/signatures to mitigate threats and implements best practices

• Develop, maintain, test, and troubleshoot cloud web application firewalls and rulesets. The ideal

· Candidate should have hands on experience with cloud web application firewalls at all of the

· major cloud services providers

· Work with Infor’s business units to effectively communicate the risks of identified vulnerabilities and make recommendations regarding the selection of cost-effective security controls to mitigate identified risks.

· Ownership to create and to drive adoption of security operations procedures for detection and response to vulnerabilities.

· Ability to perform actions to try to determine cause and possible mitigation measure for security vulnerabilities with minimal supervision.

· Ability to uncover and document tools, technics, procedures relevant to the scheduling and assessment of vulnerability scans (and results), as well as the detection and remediation of vulnerabilities.

Key Requirements/Experience

Ideally 5-7 bullet points plus language requirement / education

· Excellent written and oral communications skills and be able to appropriately present highly technical material to both technical and non-technical audiences

· Bachelor’s degree in Engineering, Computer Science, Information Security, or Information Systems with relevant security engineering certifications

· Experience as a security analyst, Minimum of three years’ experience in Application security testing and Vulnerability Management (approx. 3-4 years)

· Proven experience with Security Testing and Vulnerability Management products (SAST & DAST) e.g. Burp suit, White Hat Sentinel, Veracode

· Familiarity with common security libraries, security controls, and common security flaws.

· Basic development or scripting experience and skills.

· Experience with OWASP, static/dynamic analysis, and common security tools.

· A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).

· Experience working with developers.

· Experience identifying security issues through code review

· Must be familiar with CVEs, CVSS, and Mitre as well as other industry specific vulnerability classification standards, frameworks, and best practices

· Desirable: ITIL, CEH, ECSA, AWS Certifications