Associate, Information Security
Country: United States of America
The incumbent is responsible for detecting threats and vulnerabilities in target systems, networks, and applications by conducting systems, network and web vulnerability assessment / security testing. The Associate, Information Security identifies the security flaws and weaknesses in the systems that can be exploited to cause business risk, and provides crucial insights into the most pressing issues, suggesting how to prioritize security resources.
Develops, manages, and operates security services to assess, prioritize, and mitigate risks in containerized environments. Focuses on container security assessments, threat analysis, policy development, and incident response within application security. Works with development, operations, and security teams to ensure secure container lifecycle management. Designs security controls and automates security testing for containerized applications. Evaluates and recommends security tools and technologies to enhance container security posture. Engages with vendors for security solutions and implements best practices for container security.
Essential Functions/Responsibility Statements:
- Conducts security assessments and vulnerability scans of container images, orchestrators, and runtime environments to identify potential risks and vulnerabilities.
- Monitors and analyzes container security threats and vulnerabilities, providing recommendations for mitigation and risk reduction.
- Collaborates with development, DevOps, and IT teams to integrate security best practices into the container lifecycle, from development to deployment.
- Develops and maintains scripts and tools for automated security testing and monitoring of container environments.
- Provides training and guidance to development and operations teams on container security best practices and emerging threats.
- Maintains comprehensive documentation of security assessments, findings, and remediation efforts.
- Assists in the investigation and response to security incidents involving containerized environments, providing detailed analysis and remediation recommendations.
- Develops and implements security policies, procedures, and best practices for containerized applications and infrastructure.
Qualifications: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience.
Work Experience: 5-9 years; Experience in information technology, information security, application development, or risk management.
Skills and Abilities:
- Familiarity with container technologies such as Docker, Kubernetes, and OpenShift.
- Experience with security assessment tools and techniques for containers, such as AWS Inspector, SysDig, Clair, Trivy, or Aqua Security.
- Strong understanding of DevOps practices and CI/CD pipelines.
- Knowledge of cloud security, preferably in environments like AWS and Azure Platform.
- Excellent analytical and problem-solving skills.
- Strong communication skills, with the ability to convey complex security concepts to technical and non-technical audiences.
- Ability to work cooperatively in a team environment and independently manage tasks.
- Proven ability to understand and analyze complex issues and develop sound recommendations.
Diversity & EEO Statements: At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We actively encourage everyone to apply.
Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status, or any other characteristic protected by law.
Working Conditions: Frequent Minimal physical effort such as sitting, standing, and walking. Occasional moving and lifting equipment and furniture is required to support onsite and offsite meeting setup and teardown. Physically capable of lifting to fifty pounds, able to bend, kneel, climb ladders.
Employer Rights: This job description does not list all the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.
The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.
Base Pay Range Minimum:
$94,500.00 USD Maximum:
$130,000.00 USD
Primary Location: Dorchester, MA, Dorchester
Other Locations: Massachusetts-Dorchester,Florida-Miami,Texas-Dallas
The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.
Salary: $94,500 - $130,000/year