automotosocial
Senior Information Security Analyst
automotosocial, Centreville, Virginia, United States, 22020
JOIN OUR WINNING TEAM AS A SENIOR DEV OPS SECURITY ANALYST
AT CARFAX, WE ARE CONSTANTLY EXPANDING OUR PRODUCT AND TECHNOLOGY OFFERINGS! This means we are continually bringing new, innovative products to market through exciting technology initiatives to help our customers. Come join the success in Biz Tech. As a Senior Dev Ops Security Analyst, you will be responsible for guiding technical teams in building secure products in a DevOps model. The position aims to enhance security within the software development lifecycle through simple, automated tools that integrate seamlessly into developers' workflows. See if you have what it takes to join Team CARFAX!
THE TECH CULTURE AT CARFAX Having a creative and innovative environment where our techies can collaborate, learn, and grow is something CARFAX is passionate about. We have an entire floor dedicated to our tech teams, designed specifically to enable big ideas and high-quality output. Along with creating and maintaining excellent software, you’ll also have opportunities to participate in quarterly Hack-a-thons or relax by playing the latest games on Xbox. CARFAX is dog-friendly, providing dog beds, bowls, and toys, and encouraging visits from your furry friends!
AS A SENIOR DEV OPS SECURITY ANALYST, YOU WILL:
Serve as the technical point of contact for product teams regarding automation, CI/CD, and
DevSecOps
Build tools and automation scripts to enable CARFAX developers to easily access security services
Enhance security accessibility through automation, continuous integration pipelines, and other means
Evaluate and recommend products and services across the corporate security technology stack
Research and advise on secure Cloud architecture designs following best practices
Work with teams to identify threats and vulnerabilities via threat assessments
Develop technical assessments for new technologies and third-party integrations, supporting security policy compliance
Develop hardened operating baselines based on industry standards and best practices
Create secure coding guidelines and provide security awareness and technical training
Perform and analyze vulnerability scans and penetration tests, guiding mitigation efforts
Lead security incident response, conduct forensic investigations, and determine root causes and response actions
QUALIFICATIONS:
Bachelor's degree in computer science or related field, or equivalent experience
6+ years of experience developing secure software using TDD/Agile/XP/Lean methods
Experience in cloud, e-commerce, and mobile software release environments
Proficiency with development tools such as Jenkins and GitHub
Familiarity with scripting languages like Python, Perl, PowerShell
Understanding of application stack technologies (HTTP, HTML5, AJAX, REST, JSON) and platforms (AWS, ReactJS, AngularJS, Java, Spring Boot, MySQL, MongoDB, Hadoop, iOS, Android)
Experience with containers and Kubernetes
Knowledge of cryptography concepts (encryption, key storage, hashing, crypto libraries)
Hands-on experience with port and network scanning tools (Nessus, Nexpose, Nmap)
Experience with web application scanners and SAST/DAST testing platforms (Netsparker, Veracode)
Experience with firewall, network security, and intrusion detection products (Cisco ASA, F5, Sourcefire, Okta)
Familiarity with logging, alerting, and file integrity monitoring tools
Deep understanding of application vulnerabilities, threat vectors, and mitigations
Knowledge of IP protocols, network security architecture, and threats
Familiarity with security standards and compliance regulations (ISO 27001, NIST, OWASP, PCI DSS)
Preferred security certifications (CISSP, CSSLP, CEH, GSSP, GWEB)
ABOUT CARFAX CARFAX, a unit of IHS Markit, helps millions daily with vehicle history information. Since 1984, we provide services like Carfax Used Car Listings, MyCARFAX, and the Carfax Vehicle History Report. We own the world’s largest vehicle history database and have been recognized as a top workplace by The Washington Post and Glassdoor. Based in London, IHS Markit is a leader in critical information, analytics, and solutions.
#J-18808-Ljbffr
AT CARFAX, WE ARE CONSTANTLY EXPANDING OUR PRODUCT AND TECHNOLOGY OFFERINGS! This means we are continually bringing new, innovative products to market through exciting technology initiatives to help our customers. Come join the success in Biz Tech. As a Senior Dev Ops Security Analyst, you will be responsible for guiding technical teams in building secure products in a DevOps model. The position aims to enhance security within the software development lifecycle through simple, automated tools that integrate seamlessly into developers' workflows. See if you have what it takes to join Team CARFAX!
THE TECH CULTURE AT CARFAX Having a creative and innovative environment where our techies can collaborate, learn, and grow is something CARFAX is passionate about. We have an entire floor dedicated to our tech teams, designed specifically to enable big ideas and high-quality output. Along with creating and maintaining excellent software, you’ll also have opportunities to participate in quarterly Hack-a-thons or relax by playing the latest games on Xbox. CARFAX is dog-friendly, providing dog beds, bowls, and toys, and encouraging visits from your furry friends!
AS A SENIOR DEV OPS SECURITY ANALYST, YOU WILL:
Serve as the technical point of contact for product teams regarding automation, CI/CD, and
DevSecOps
Build tools and automation scripts to enable CARFAX developers to easily access security services
Enhance security accessibility through automation, continuous integration pipelines, and other means
Evaluate and recommend products and services across the corporate security technology stack
Research and advise on secure Cloud architecture designs following best practices
Work with teams to identify threats and vulnerabilities via threat assessments
Develop technical assessments for new technologies and third-party integrations, supporting security policy compliance
Develop hardened operating baselines based on industry standards and best practices
Create secure coding guidelines and provide security awareness and technical training
Perform and analyze vulnerability scans and penetration tests, guiding mitigation efforts
Lead security incident response, conduct forensic investigations, and determine root causes and response actions
QUALIFICATIONS:
Bachelor's degree in computer science or related field, or equivalent experience
6+ years of experience developing secure software using TDD/Agile/XP/Lean methods
Experience in cloud, e-commerce, and mobile software release environments
Proficiency with development tools such as Jenkins and GitHub
Familiarity with scripting languages like Python, Perl, PowerShell
Understanding of application stack technologies (HTTP, HTML5, AJAX, REST, JSON) and platforms (AWS, ReactJS, AngularJS, Java, Spring Boot, MySQL, MongoDB, Hadoop, iOS, Android)
Experience with containers and Kubernetes
Knowledge of cryptography concepts (encryption, key storage, hashing, crypto libraries)
Hands-on experience with port and network scanning tools (Nessus, Nexpose, Nmap)
Experience with web application scanners and SAST/DAST testing platforms (Netsparker, Veracode)
Experience with firewall, network security, and intrusion detection products (Cisco ASA, F5, Sourcefire, Okta)
Familiarity with logging, alerting, and file integrity monitoring tools
Deep understanding of application vulnerabilities, threat vectors, and mitigations
Knowledge of IP protocols, network security architecture, and threats
Familiarity with security standards and compliance regulations (ISO 27001, NIST, OWASP, PCI DSS)
Preferred security certifications (CISSP, CSSLP, CEH, GSSP, GWEB)
ABOUT CARFAX CARFAX, a unit of IHS Markit, helps millions daily with vehicle history information. Since 1984, we provide services like Carfax Used Car Listings, MyCARFAX, and the Carfax Vehicle History Report. We own the world’s largest vehicle history database and have been recognized as a top workplace by The Washington Post and Glassdoor. Based in London, IHS Markit is a leader in critical information, analytics, and solutions.
#J-18808-Ljbffr