• IMS Senior Security Analyst

    Location: US-CA-San Luis Obispo
    Job ID: 2018-10319
    # of Openings: 1
    Job Category: Information Technology
  • Overview

    Security is only as strong as its weakest link. Consequently, Underwriters Laboratories employs a holistic view of software security, from product design and secure system integration to the security of entire infrastructures. UL helps to combat cybersecurity risks throughout the different IT lifecycle phases, from security strategy and design, to secure software development, to implementation in wider IT networks and infrastructures.

    UL partners with customers to provide an independent viewpoint along with advisory, testing and validation services. We’ll work with customers to evaluate their current security exposure and the risks they are running. We’ll help customers to develop risk-based action plans to secure and protect critical assets and data effectively and cost-efficiently. Our aim is to give customers the peace of mind that comes from knowing that they have performed the necessary due diligence to mitigate cybersecurity risks.

    UL is looking for you if you're seeking a cutting-edge career in cybersecurity. Do you have experience with product embedded software, smart devices, or ethical hacking, and match the following points? WE WANT YOU!

    • Eager to learn, especially through self-study
    • Willing to go through a series of intense training sessions on many cybersecurity domains in a short time
    • Enjoy growing your career professionally with an international team in a multinational company

    Responsibilities

    The Senior Security Analyst will conduct advanced vulnerability assessments, penetration tests, and other ethical hacking actions to identify issues in embedded products (IoT) and software. The analyst also helps define industry requirements on cybersecurity along with other standards bodies and industry alliances.

    • Leads and participates in customer projects to the defined requirements in the timeframe required by customers with the highest quality and integrity of work.
    • Analyzes customer documentation to qualify Risk Management and Threat Analysis assessment models.
    • Verifies security controls in the product as described in the documentation.
    • Conducts security tests using automated tools, ad-hoc tools, and manual testing techniques.
    • Conducts penetration testing against different technological domains including, but not limited to, embedded devices, web apps, mobile apps and other device applications.
    • Assesses and calculates risk based on vulnerabilities and exposures discovered during testing, based on international standards such as OWASP, NIST 800-115, and OpenSAMM, among others.
    • Creates required information security documentation, technical reports, and formal papers on test findings, and completes requests in accordance with requirements.
    • Provides technical guidance and training to new security team members.
    • Provides pre-sales support and supports the sale of more complex projects.
    • Helps drive innovation in cybersecurity services.

    Qualifications

    • University degree (Bachelor’s degree or higher) in Computer Science or a related discipline, plus four years of technical expertise in cybersecurity, software development, or ethical hacking.
    • Customer-facing, with good communication skills
    • Vulnerability, threat and risk management experience
    • Experience with cybersecurity testing of products and software to identify weaknesses and flaws. Able to create PoCs and clearly document the procedure.
    • Hands-on experience with commercial, open source and free security tools for static source code analysis, fuzz testing, dynamic and binary testing, as well as vulnerability scanning.
    • Understanding of security issues on various operating systems, web and database platforms; proven proficiency in networking and security.
    • Extensive experience and knowledge in scripting in one or more of the following languages: sh, csh, perl, python, ruby.

    Nice to have skills

    • Application development background and security knowledge – example languages include C, C#, C++, Java, J2EE
    • Experience with QNX, Linux, iOS, AOSP, etc.
    • Deep expertise in testing in two or more of the following domains: embedded software, embedded security, mobile apps, telecom or networking equipment.
    • Security-related certifications are a plus: CEH, CPT, CEPT, CSSLP, CISSP, OSCE, LPT, CREST ACE, GIAC, CISA, OSCP, CompTIA Security+ or other information security certifications
    • Security framework experience (e.g. ISO 27001/27002, NIST, PCI, FIPS etc.)
    • Experience with various security tools and products (e.g. Nessus, Burp, Metasploit Framework, OpenVAS)
    • Good understanding of the components of a secure SDLC
    • Application reversing skills
    • Understanding of cryptography principles
