Security Analyst in Heredia at TradeStation

Date Posted: 10/17/2021

Job Snapshot

Job Description

Security Analyst
Heredia, Costa Rica
TradeStation is an online brokerage firm seeking to level the playing field for self-directed investors and traders, empowering them to claim their individual financial edge.  At TradeStation, we're continuously pushing the boundaries of what's possible, encouraging out-of-the-box thinking and relentless search for innovation.  We offer a collaborative work environment, competitive salaries, comprehensive benefits and a generous PTO policy.
POSITION SUMMARY:
The Security Analyst is a member of the Application Security team that is responsible for ensuring the security of company assets. This includes performing periodic reviews and assessments, communicating with engineering staff on security vulnerabilities detected, tracking remediations and creating metrics. The Security Analyst is also responsible for developing, reviewing, and updating security documentation.
ESSENTIAL JOB FUNCTIONS:
  • Perform periodic security assessments and reviews in accordance with security plans
  • Communicate regularly with engineering staff including developers, managers, product owners, etc.
  • Support project assignments with strong and effective communication, time management and collaboration skills
  • Perform security testing of applications using SAST, DAST, SCA, and other AppSec testing technologies
  • Collaborate with the Application Security Director for monthly metrics reporting
  • Review, update and develop required security documentation, including Information Security policies and standards
  • Keep up to date with information security news, techniques, and trends
  • Assist and research ways to improve and automate existing processes using scripting languages if necessary (Python, JavaScript, etc.)
  • Assist with configuring, installing, and administering security tools and systems
  • Assist with the evaluation of new and existing security tools, platforms, and technologies
  • Assist with other security related initiatives as they arise
KNOWLEDGE, SKILLS & ABILITIES:
Required:
  • Background in Information Security, Systems Administration, or Information Technology
  • Solid understanding of security principles, best practices, and compliance requirements (PCI, SOX, GDPR, OWASP, etc.)
  • Strong analytical, problem solving, and troubleshooting skills
  • Able to multitask and prioritize in a dynamic environment with continuously shifting priorities
  • Excellent verbal and written communication skills
  • Highly motivated and able to commit to our team
  • A thirst for knowledge and self-improvement
Preferable but not required:
  • Experience with SAST, DAST, SCA security test tools such as Checkmarx, BlackDuck, Nmap, SSL/TLS scans, OWASP ZAP
  • Experience with distributed and scalable cloud architecture and techniques
  • Experience deploying to Linux containers using Docker
  • Experience deploying services on Kubernetes
  • Experience with Containerization; Docker and/or Kubernetes
  • Experience with software development programming and scripting languages
  • Experience with Microsoft Azure and Amazon Web Services environments
EDUCATION & EXPERIENCE:
  • Minimum 2 years of experience in Cybersecurity or Information Security technology or a related technology field role associated to the responsibilities above
  • One or more of the following certifications strongly preferred:
    • SSCP or CompTIA Security +
    • SANS GSEC
    • Other industry recognized certifications or accreditations
  • Demonstrated progression toward security career goals