INFORMATION SECURITY SR ANALYST Job Listing at Dollar General in Goodlettsville, TN (Job ID 2024-298122)

Description

Work Where You Matter: At Dollar General, our mission is Serving Others! We value each and every one of our employees. Whether you are looking to launch a new career in one of our many convenient Store locations, Distribution Centers, Store Support Center or with our Private Fleet Team, we are proud to provide a wide range of career opportunities. We are not just a retail company; we are a company that values the unique strengths and perspectives that each individual brings. Your difference truly makes a difference at Dollar General. How would you like to Serve? Join the Dollar General Journey and see how your career can thrive. Company Overview:

Responsible for performing static and dynamic application security testing in order to identify vulnerabilities in applications that are storing, processing, or handling DG data.  This includes applying an appropriate security risk rating based on compensating controls and other mitigating factors, and identifying and conveying vulnerabilities in a manner that clearly defines the security risk to a given application - while providing developers additional guidance as to how a vulnerability should be remediated and properly re-tested to validate the effectiveness of remediation efforts.

Duties & Responsibilities:

1. Perform static and dynamic application security testing using a combination of commercial, open-source, and manual testing methods.
2. Conduct application security risk and compliance reviews and analysis; identify, recommend, and track progress of security risk mitigation plans while collaborating with IT and business units to drive risk mitigation plans to completion.
3. Represent the information security department through pragmatic consultation and participation in a defined SDLC, promoting application security best practices and standards.

Knowledge, Skills and Abilities (KSAs): What KSAs are required to perform this job?

1. Strong understanding of current and emerging application security and general information security best practices, technologies, techniques, trends, threats, and countermeasures, to include application security aspects related to cloud technologies.
2. Strong, effective written and oral communications skills and able to communicate to technical and non-technical audiences across multiple levels.
3. Strong, hands-on experience performing static and dynamic application security tests, assessments, etc. using commercial and other tool sets, manual testing methods, etc.
4. Strong negotiation skills (e.g., driving internal security recommendations, external vendor action, etc.).
5. Strong understanding of effective, pragmatic application security controls and related industry (e.g. OWASP) best practices; risk management and compliance strategies and techniques; and PCI, HIPAA, and SOX regulatory requirements.
6. Solid understanding of agile and waterfall development methodologies and the efficient and effective integration of application security design and testing processes.
7. Ability to learn and retain new skills to adapt to evolving business, technical, risk, and security needs.
8. Ability to work occasionally during non-standard shifts, in an on-call capacity, and able to travel as needed (up to 5%).

Work Experience &/or Education: What are the minimum education and/or experience requirements necessary to perform this job?

1. College degree or equivalent experience in information security with a minimum 5 years current/recent application security experience. Active CISSP or CSSLP certification preferred.
2. Extensive hands-on experience in static and dynamic application security testing using a variety of manual testing methods, commercial and non-commercial tools, best-practice security frameworks (e.g., OWASP ASVS), etc.
3. Foundational experience with host operating systems, networking principles, web application firewalls, and associated security controls; network/system vulnerability scanning tools; security information and event management (SIEM); privileged user management (PUM); and governance risk and compliance (GRC).

#mogul