[Owasp-salt_lake] Please post the following

Michelle Garretson michelle.garretson at progfinance.com
Wed Sep 17 16:45:05 UTC 2014

Thanks for posting this job posting.

Hi there, we are currently looking for a Sr. IT Security Analyst and I was
hoping there was a way to get this posted to your community?

Here is the job description and link to our position/website -

Thanks so much!


Progressive is blazing a path at the intersection of Finance and Technology
and we have an exciting new opening for a Infrastructure Engineer in our
Utah office.

The Security Analyst reports to the Chief Information Officer. The Security
Analyst is responsible for information security policy development and
maintenance; design of security policy, education, training, and awareness
activities; monitoring compliance with company IT security policy and
applicable law; and coordinating investigation and reporting of security


The successful candidate will understand that security is best implemented
in a fashion that makes it unable to be detected or does not become
obtrusive. However, they understand that security is increasingly important
and must not be compromised in the era of digital openness, social media,
and connectedness. The successful candidate perseveres to find an
appropriate solution, meeting business requirements and creating a
transparent security solution. More fundamentally, the ideal candidate must
also be an accomplished process and business analyst to understand how to
construct a secure environment without interfering with business value.

The candidate should also have relevant experience as a trusted technology
advisor to senior business, technology leaders and key decision makers. In
particular, the candidate should have hands-on experience or demonstrated
knowledge in, but not limited to code scanning toolsets, PCI compliance,
risk management, OWASP tools and methodologies, HTTP and web programming,
client server technologies, common security requirements withinASP.NET
<http://asp.net/> and JavaScript applications, standard SDLC practices,
network hardening, physical security, and internal as well as external
attack prevention and mitigation.


Performing application vulnerability assessments

Performing risk assessment reviews

Performing network penetration tests

Performing security controls and code review across a variety of
programming languages and

technology implementations

Performing assessments of SDLC processes

Developing testing scripts and procedures

Other security-related projects that may be assigned according skills

Contributing to the IT business continuity and disaster recovery program

Maintain a professional, optimistic, and energetic presence that instills
confidence for the team

Communicate clearly and support an environment for clear communication,

collaboration, and conflict resolution

Foster constructive conflict, open dialog, and feedback

Assist the Chief Information Officer with prioritization efforts and sprint

All other duties as required


Strong ethics and understanding of ethics in business and information

Demonstrated experience in interfacing with third party information
security providers

Demonstrated knowledge of regulatory and statutory compliance requirements
and widely

accepted security and governance frameworks

Web application certifications (GIAC's GWEB or GWAPT, ISC2's CSSLP)

Exceptional English language written and oral communication skills

Three or more years work experience in application security

Five or more years work experience in IT or software development

Four or more years working in a small team environment

Experience with vulnerability scanning tools (e.g., Qualys, Nessus,
Nexpose, Saint)

Experience with web application vulnerability scanning tools (e.g., IBM
AppScan, HP Webinspect,

Accunetix, NTO Spider, Burpsuite Pro)

Experience with static analysis tools (e.g., IBM Appscan Source, HP Fortify)

Experience with high level programming languages (e.g., Java, C, C++, .NET
(C#, VB))

Experience with web application development (e.g., JavaScript, HTML5,
ASP.NET <http://asp.net/>, ASP, PHP,


Ability to complete tasks and deliver professionally written reports for

Ability to present findings to technical staff and executives

Possess current security certifications (e.g., CISSP, CEH)

Bachelors degree in Computer Engineering, Computer Science, or Information

Management or equivalent experience is required

Experience with project management or business analysis tools like JIRA,
Balsamiq, Green


Demonstrated ability to self-motivate and be flexible within a fast-paced

Team player with a proactive bias and optimistic outlook

PF is the leading consumer financing company in the United States.  PF
blends the use of innovative technology with a simple to use application
process to drive revenue for thousands of retailers.  Retailers love our
product and our people -- we are growing the business rapidly and we need
more great people to join the team.  Want to find out more?

Michelle Garretson
IT Recruiter
c: 248-408-9801 | e: michelle.garretson at progfinance.com

CONFIDENTIALITY NOTICE: This e-mail and any attachments are
confidential. If you are not an intended recipient, please contact the 
sender to report the error and delete all copies of this message from your 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-salt_lake/attachments/20140917/53d9ad03/attachment.html>

More information about the Owasp-salt_lake mailing list