
AppSec Analyst

Remote, United States

Company: OneStream Software LLC

Benefits Offered: Vision, Medical, Life, Dental, 401K
Employment Type: Full-Time
Compensation: $85,000.00 - $110,000.00 (Range applies to US candidates only) + Benefits/Variable Comp./Equity - Range may vary based on experience.

ABOUT THE JOB

We are looking for an Application Security Analyst to join the Information Security team. Responsibilities for this position include aiding in the secure code review process, performing security testing against the OneStream platform to identify risks and vulnerabilities before release and throughout the SDLC, and reviewing the output of application security tools to provide insight and guidance to the organization about remediation. In addition to these responsibilities, this position will play an integral role in leading the security of the OneStream platform by evaluating the security of solutions that get deployed to OneStream customer environments, as well as aiding in the development of custom tools to be used for performing security scans.

 

The ideal candidate for this position will be someone with an awareness of secure development and programming practices, a basic knowledge of programming, a familiarity with C#, and a passion for securing our platform for our customers. This position will require the candidate to communicate with teams across all levels of the organization and be able to understand and discuss technical details with both technical and non-technical audiences. At times it may be necessary to create proof-of-concept exploits against a target to validate vulnerabilities and to determine the risk that certain vulnerabilities may truly pose to customers.

 

RESPONSIBILITIES

Primary Responsibilities:

  • Perform manual and automated application security testing.
  • Perform code analysis to ensure security of code for both the OneStream platform as well as solutions provided by OneStream Partners.
  • Collaborate with Development and Engineering teams to secure OneStream services.
  • Work with other members of the Security team to identify attack patterns and indicators of compromise.
  • Develop and maintain custom security testing tools for internal testing.
  • Enforce secure coding and development practices across the SDLC.
  • Work alongside other members of the Security team to secure various applications and infrastructure.
  • Document and report security concerns found during testing.
  • Perform penetration testing against OneStream assets to validate infrastructure security.


QUALITIES OF A SUCCESSFUL CANDIDATE

Formal Education and Certification

  • BSc/BA in Computer Science, Engineering, or relevant field, with 3+ years of IT security, administration, or networking experience.
  • MSc/MA in Computer Science, Engineering, or relevant field, with 1+ year of IT security, administration, or networking experience.
  • Assoc. in Computer Science, Engineering, or relevant field, with 5+ years of IT security, administration, or networking experience.

Knowledge and Experience

  • Experience with writing C# & .NET code.
  • Experience performing code reviews on C# & .NET code.
  • Experience performing penetration tests.
  • Experience with IT Security & infrastructure, security risk management, SOC2, FedRAMP, security policies & procedures, security testing & auditing, internal audit.
  • Any industry recognized certifications:
    • GIAC Security Essentials Certification (GSEC).
    • CompTIA Security+.
    • CompTIA Pentest+.
    • Other Security or Penetration Testing Certifications.

Personal Attributes

  • Outstanding communication skills.
  • Organized.
  • Strong reasoning skills.
  • Self-motivated, self-starter.
  • Independent thinker, with good judgement.
  • Ability to think fast and on their feet.
  • Sound decision-making skills.
  • Ability to evaluate pros and cons.
  • Ability to multitask and prioritize a variety of projects.
  • Comfortable with communicating with all levels of management.
  • Experience with OneStream Software not required, but experience with any financial consolidation package is a plus.
  • Legally authorized to work for any company in the United States without sponsorship.

WHO WE ARE

OneStream® is an independent software company backed by private equity investors. OneStream provides an intelligent finance platform built to enable confident decision-making and maximize business impact.

OneStream unleashes organizational value by unifying data management, financial close and consolidation, planning, reporting, analytics, and machine learning. We empower Finance and Operations teams with AI-enabled insights to make faster and more intelligent decisions every single day. All in a single, modern CPM platform designed to continually evolve and scale with your organization. To learn more, visit www.onestream.com.

 

WHY JOIN THE ONESTREAM TEAM

  • Transparency around corporate structure, salary, and benefits
  • Core value of customer success
  • Variety of project work (not industry specific) 
  • Strong culture and camaraderie
  • Multiple training opportunities

Benefits at OneStream Software
OneStream employees are passionate, hardworking individuals who go above and beyond to keep our customers happy and follow through on our mission statement. They consistently deliver the best and in turn, we make every effort to keep them cared for and happy. A sample of the benefits we provide:

  • Excellent Medical Plan
  • Dental & Vision Insurance
  • Life Insurance
  • Short & Long Term Disability
  • Vacation Time
  • Paid Holidays
  • Professional Development
  • Retirement Plan

 

OneStream Software is an Equal Opportunity Employer.

 


Job Profile

Regions

North America

Countries

United States

Restrictions

Legally authorized to work for any company in the United States without sponsorship

Benefits/Perks

401(k); Benefits Offered; Dental; Equity; Life; Medical; Training opportunities; Transparency; Variable Comp; Vision; Vision, Medical, Life, Dental, 401K

Tasks
  • Collaborate with Development and Engineering teams
  • Communication
  • Develop and maintain custom security testing tools
  • Document and report security concerns
  • Enforce secure coding practices
  • Perform code analysis for security
  • Perform manual and automated application security testing
  • Perform penetration testing
  • Reporting
  • Testing
  • Training

Skills

AI; Analytics; C; Code Analysis; Communication; Finance; Financial; Information security; Machine Learning; Networking; OneStream; OneStream Software; Organizational; Penetration Testing; Planning; Programming; Risk Management; Secure Development; Security Testing

Experience

3+ years

Education

Assoc. in Computer Science, Engineering; BSc/BA in Computer Science, Engineering; Business; Computer Science; Engineering; Finance; IT; MSc/MA in Computer Science, Engineering

Certifications

CompTIA Pentest+; CompTIA Security+; GIAC Security Essentials Certification (GSEC); Other Security or Penetration Testing Certifications

Timezones

America/Anchorage; America/Chicago; America/Denver; America/Los_Angeles; America/New_York; Pacific/Honolulu; UTC-10; UTC-5; UTC-6; UTC-7; UTC-8; UTC-9