Information Security Analyst

At Symphony, we’re on a mission to help people communicate, collaborate and enjoy their work.  Our secure messaging and meetings platform is changing the way people do business in information sensitive industries.  Our customers are fast-paced, and rely on Symphony to keep up, while ensuring complete data privacy and information security.

We are seeking a passionate and experienced Information Security Analyst to augment our efforts in Vulnerability Management, including protection and understanding of risk in relation to business information assets and, building systems that are compliant & meet global security standards.  This role reports to the Director of Infrastructure Security and helps protect the confidentiality, integrity and availability of information assets with a critical focus on Symphony’s vulnerability management program.

RESPONSIBILITIES:

• Triage & Analyze reports from Symphony’s Bug Bounty Program and other external or internal sources, take appropriate action and respond to maintain Symphony’s level of security
• Reproduce reported application vulnerabilities
• Collaborate with colleagues at all levels of the organization, across all business and technology functions, in order to advance and support the vulnerability management program
• Track, triage and schedule component vulnerabilities used across IT and Cloud infrastructures
• Analyze, identify improvements, and optimize Symphony’s vulnerability management processes
• Cross-train with team members on all other Infrastructure Security Tools such as SIEM, Firewall, monitoring tools

REQUIRED QUALIFICATIONS:

• 5-6 years’ relevant experience focused on vulnerability management for web applications
• CISSP or relevant SANS certification
• Proven experience of combined security and\or IT work experience in a position focused primarily on application security
• Knowledge of Information Security standards and secure coding best practices
• Experience with conducting network, operation system, database and/or vulnerability assessments and security configuration/hardening audits
• Knowledge of Static and Dynamic Analysis tools (SAST/DAST) such as Veracode, Checkmarx, SonarQube, OWASP ZAP
• Excellent Verbal and Written Communication Skills
• Nice to have:
• Java development background
• Python and/or other scripting abilities
• CEH or OSCP certification

ABOUT SYMPHONY:

We’re looking for top-notch talent to join our team to help us change the way the world communicates. If you have the skills and savvy to work with a world-class team and an appetite for game-changing disruption, we want to hear from you!

 BENEFITS AND PERKS*:

• Medical, dental, and vision coverage
• 401(K) plan
• Life and AD&D coverage
• Short-term and long-term disability coverage
• Employee assistance program
• Flexible spending account benefits
• Unlimited vacation and sick time
• Fully stocked kitchen and catered or reimbursed lunches
• Discounted gym memberships
• Many other fun and exciting benefits and activities!

COMPENSATION:

• Competitive salary
• Bonus Plan
• Equity 

*Benefits and Perks vary based on location.

Symphony reserves the right of ownership for all unsolicited resumes submitted for this requisition and is not responsible for any fees associated with unsolicited resumes. Symphony is an Equal Opportunity Employer. Symphony participates in E-Verify. 

Any offer of employment is conditioned upon the completion of an I-9 form and submission of the appropriate documents for identity and work authorization.