Hybrid Security Analyst Security Analyst

This is a remote position.

At Softgic, we work with the sharpest minds, with those who build, with those who love what they do, with those who have a 100% attitude because that's our #Coolture. Join our purpose of making life easier with technology and be part of our team as a Security Analyst.

Compensation:

USD 10 - 17/hour.

Location:

Remote (anywhere).

Mission of Softgic:

In Softgic S.A.S. we work for the digital and cognitive transformation of our clients, aware that quality is an essential factor for us, we incorporate the following principles into our policy:

✯ Deliver quality products and services.

✯ Achieve the satisfaction of our internal and external clients.

✯ Encourage in our team the importance of training to grow professionally and personally through development plans.

✯ Comply with the applicable legal and regulatory requirements.

✯ Promote continuous improvement of the quality management system.

What makes you a strong candidate:

• You are proficient in Security analysis, NIST CF (NIST Cybersecurity Framework), API, and Application security.
• English - Conversacional.
  
  

Responsibilities and more:

• Perform the “Protection Need” on a system/project, which is the initial assessment that kicks off the security assessment process.
• Managing and organizing the documentation of vendor cybersecurity-program assessments (VCA).
• Managing and organizing the documentation of technical security assessments (applications security assessments (ASAs), API assessments, Infrastructure Security Assessments).
• Review security controls to ensure they were filled in by the applicable stakeholder and are ready for the security architect’s review. Preliminarily review security assessment submissions to find issues and give the stakeholders feedback on how to correct the issue(s).
• Coordinate penetration testing for applications and ensure that identified findings are remediated prior to approval / launch.
• Pre-populate/review security risks based on the security assessment so that the Architect can review them.
• Review security risk form for spelling and grammar.
• Support the security architects in completing technical security assessments and VCAs through note-taking, task/action item tracking, documenting control status’, reviewing responses from stakeholder prior to the architect’s review and coordinating meetings with stakeholders.
• Ask questions to internal stakeholders and vendors during ASAs and VCAs.
• Track technical assessment and VCA timelines and update JIRA tasks.
• Identify when there are potential or known vulnerabilities in a system or application and bring them to the teams / security architects to review.
• Preview Pen test or vulnerability scan reports for major issues to help the security architect.
  
  

Requirements

• +2 years of experience (e.g., CISSP, Associate of ICS2).
• Security certification preferred.
• General understanding of security frameworks (e.g., ISO27001, NIST 800-53, etc.)
  
  

Benefits

• Recognized as a Great Place to Work.
• Opportunities for scaling and growth.
• Paid time off.
• Support for formal education and certifications.
• Benefits with partner companies.
• Referral plan.
• Flexible working hours