Information Security Analyst

K2 Integrity is seeking an experienced Information Security Analyst who is passionate about secure software development and developer enablement. This candidate will be responsible for the design, implementation, and management of ISO27001-compliant security controls within our software development process. The ideal candidate will have the ability to collaborate with a software development team, raise awareness of secure coding practices, and foster a security-focused culture. We are looking for someone with the expertise to integrate robust security measures seamlessly into the development process, ensuring that security becomes an integral part of our software development lifecycle.

• Partner with software development teams to integrate security practices into the software development process.
• Ensure that SDLC processes comply with ISO27001 and SOC2 audit standards within agreed timeframes.
• Conduct internal audits of SDLC controls.
• Manage secure code review processes, threat modeling, and application security assessments.
• Develop and maintain policies, coding standards, and best practices for developers.
• Maintain and support internal security systems relevant for secure software development.
• Identify and correct issues with vendors, suppliers, and subcontractors as required.
• Identify security gaps and manage gap mitigation.
• Participation in audit, incident response and access review processes.
• Serve as the primary point of contact for technology vendors, coordinating support activities, managing vendor relationships, and ensuring timely resolution of issues.
• Champion good security practices and assist developers with questions.
• Act as project manager for information security projects.

• Bachelor’s of science in cybersecurity required; master’s preferred.
• At least five years’ experience in the information security field and at least 2 years within software development
• Experience with Microsoft Azure, O365, and PowerShell.
• Experience with software tools which facilitate secure SDLC.
• Experience completing ISO27001, and SOC2 audits.
• Experience with regulatory compliance (GDPR, CCPA, PCI).
• Good understanding of information security principles.
• Ability to explain complex theories to development staff.
• Strong knowledge of operating systems and related security issues (Windows, Linux, mobile).
• Strong knowledge of network security systems and practices.
• Strong knowledge of encryption technologies and common issues.
• Any security certification or progress towards a certification is a plus.
• Strong desire to learn, research, and problem solving.
• Excellent communication skills.