DevSecOps Security Analyst

Equifax is where you can power your possible. If you want to achieve your true potential, chart new paths, develop new skills, collaborate with bright minds, and make a meaningful impact, we want to hear from you.

You will serve as a Security Analyst in the Information Security Office for Equifax Workforce Solutions. In this role, you will research, monitor, assist and ensure that the proper security controls are built into every phase of the product development process. You will assist product engineering in identifying security challenges, researching details and preparing options to remove risk and remediate issues. You will engage in security control review, evaluating existing processes and identifying opportunities to improve accuracy, efficiency, effectiveness and maturity of our support of product engineering.

What You'll Do

• Serve in a security analyst role as an expert on software security and the secure software development lifecycle
• Receive and evaluate vulnerability findings, perform relevant research and provide guidance to engineering to build remediation approaches
• Provide rationale and guidance to engineers and engineering team leads on how to identify and address software code risks, vulnerabilities and how to introduce and improve secure software development practices
• Become proficient in the use of all available static code analysis tools. Coaching engineering team members on relevant use in their role. How to interpret results and how to research findings and develop acceptable approaches for remediation
• Increase personal knowledge of dynamic analysis tools, defensive programming techniques, the OWASP Top 10, and other common software security patterns and anti-patterns
• Engage directly with the teams on how to close software security findings (Fortify, pen tests) and practices that can help them avoid future findings
• Assist across the Information Security Technology team as needed in areas related to code development, operational security and security compliance
• Integrate flawlessly with the Equifax corporate product security team, who is responsible for the global software security and SSDLC programs. Consume their products and processes, advance the adoption of their standards into Workforce Solutions. Provide tenacious feedback and champion the needs of developers. Be an engaged, collegial partner of the global team.

What experience you need

• Bachelor of Science in Computer Science, Computer Engineering, Electrical Engineering, or a related field preferred. Equivalent experience will also be considered
• 3 years experience in a DevSecOps Security role. (Application Security preferred).
• 1-3 years experience with cloud-native development practices / technologies, including CI/CD.
• 1-3 years working knowledge of code development and coding logic concepts and able to read/interpret code for research and assessment purposes
• 1-3 years working the application of operating security controls such as WAF, SCA, SAST, DAST, IAST, API protection, authentication gateway, certificate management, CI/CD security, etc.
• 1-3 years experience working with information security, with a particular emphasis on application security. How to assess vulnerabilities in software, how to determine risk, how to mitigate and remediate various software vulnerabilities.
• 1-3 years working with secure development practices, such as threat modeling, development of use / abuse cases, key patterns and anti-patterns that drive secure software, successful habits, common mistakes, etc.

What could set you apart:

• Strong understanding of engineering practices
• Knowledge of Equifax products and services

We offer comprehensive compensation and healthcare packages, 401k matching, paid time off, and organizational growth potential through our online learning platform with guided career tracks.

Are you ready to power your possible? Apply today, and get started on a path toward an exciting new career at Equifax, where you can make a difference!

Equifax is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

#LI-Hybrid

Primary Location:

USA-St. Louis-2330 Ball

Function:

Function - Security Governance and Compliance

Schedule:

Full time