IT Product Security Lead Analyst
Evolver is a technology company serving the Federal, Commercial, and Legal markets that addresses client challenges in the present and transitions clients into the future by introducing efficient and effective IT solutions. Established in 2000, Evolver has successfully grown to be a trusted technology leader. Evolver's efforts and growth have been recognized by leading publications and organizations, including Inc. 5000 for five consecutive years, and most recently "Future 50" from SmartCEO. With a dedicated focus on client satisfaction, Evolver has proven its value time and time again, from managing day-to-day operations to skillfully navigating the implementation and support of new technologies. Evolver's core competencies are infrastructure, application development, cybersecurity, cloud, end-user support, data analytics and legal services.
We believe our employees are key to our success and continued growth. We attract and retain our diverse workforce by promoting a work-life balance with generous and flexible time off, competitive compensation and benefits, and a commitment to professional development. When you join Evolver, you join a community of talented and dedicated individuals whose abilities, skills, and actions contribute to the success of the company.
Evolver is seeking a IT Product Security Lead Analyst to join our team and work 100% Remote from within the Continental US.
Essential Job Duties and Responsibilities
Product Security lead analyst is the key position responsible for supporting and enabling efficient and effective continuous improvement of our clients Product Life Cycles (Secure-TPLCs) and Secure Software/System Development Life Cycles (Secure-SDLCs) for its digital health technologies, products and services in support of our commitment to the highest standards of patient safety, quality and integrity; and, in alignment with Cybersecurity Guidance and other related resources. The incumbent has a direct effect across the entire enterprise.
Principal Duties and Responsibilities
Will have a clear, complete and in-depth understanding of information security requirements, tools, and processes that apply to Secure-TPLC/SDLC programs needed to increase security across a enterprise of product teams and portfolio of digital health products and services.
Coordinates, supports, and enables the continuous improvement of building more mature security practices into our Secure-TPLC/SDLC processes, products, and services. Design projects to enable product teams and solutions to be better compliant with Industry best practice.
Interact with business/product teams to understand the requirement and translate it into Security implementation.
Under minimal direction, performs basic analysis, design, implementation and maintenance activities in various * areas of digital health/product security.
Coordinate incident response activities with product teams and CSOC as necessary.
Works independently and leads assignments of moderate to medium complexity.
Develop and report on metrics showing how the digital health products and services are protected. * Consistently applies the concepts of appropriate standard methodologies and best practices for digital health/product
Prepares reports, records progress and creates solutions to digital health/product security problems/issues.
Partners with digital health/product team community to devise or modify procedures to solve complex problems or improve existing processes; and, advance the Digital Health/Product Security Program maturity and associated processes are efficient and effective.
Applies principles, concepts and practices of the IT Competency Model at the Senior Analyst level. * Proactively enforces security policies to ensure digital health technologies, products and services are protected.
Support development and maintenance of Digital Health / Product Security policies, standards, guidance, templates, tools, plans, et al. documentation.
Lead or participate in other data protection program activities.
Proactively promote global and local security policies to ensure information assets are protected.
Provide guidance to peers, junior team members and/or other stakeholders.
Lead process to identify, assess, risk-rationalize and report digital health/product security related risks and issues; monitor and report on digital health/product security KPIs/KRIs.
Minimum Qualifications and Requirements
Areas of Competence
Strong understanding of Information Security, IT in general and Secure-SDLC in particular with a focus on building more security into the Secure-TPLC/SDLC.
Strong understanding of information security technology, especially relating to Secure-SDLC.
Ability to collaborate and build positive relationships across multiple stakeholders.
Agile thinking and analysis that leads to win-win and innovative solutions.
Ability to quickly and accurately triage product security issues and incidents to mitigate immediate threats.
Strong analytical / problem solving skills.
Strong interpersonal, influence and communication skills (written/verbal/presentation) at multiple levels and across boundaries; appropriately shares viewpoint and encourages the free exchange of information and opinions.
Demonstrated ability to work successfully within a geographically distributed team and customer environment and to build effective working relationships.
Demonstrates excellent project management and work planning skills; must be able to multitask effectively.
Continuous improvement and results orientation; acts with a sense of urgency and delivers results on-time and on-budget.
Has a winning attitude and instills a passion for winning with other team members, an attitude which is demonstrated by a "can do" approach.
Knowledge of modern Secure-SDLC concepts and leading practices.
Training and Certifications (required and desired)
Bachelor's degree in Computer Science, Information Technology or related field required with at least 7+ years combined IT security or Secure-SDLC;
Bachelor's & Master's degree in Computer Science, business, IT or related field with at least 4+ years combined IT security or Secure-SDLC experience
4+ years of experience in Secure-SDLC and processes.
4+ years of experience developing and reporting on metrics showing how the Secure-SDLC is secure.
3+ years of experience interacting with software development team to understand the requirements and translate it into security implementation.
Minimum of 1 (one) IT Security certification required.
Additional certifications in the information security field such as CISSP, CISM, or other security certifications a plus
Work is 100% Remote from Continental US on EDT hours
At Evolver, we foster teamwork, growth, individuality and entrepreneurialism. We value employee opinions and encourage them to make a difference by getting involved and being thought-leaders. As a part of the Evolver team, we actively promote a working and learning environment that supports a highly qualified workforce and a quality of work life that is based on trust and respect for all employees resulting in a healthy and trusting organizational culture.
Evolver, Inc. is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to age, race, color, religion, sex, national origin, sexual orientation, gender identity, disability or veteran status. Evolver offers a comprehensive benefits plan including (but not limited to): medical, dental, vision, 401(k), life, AD&D and short term and long term disability insurance.
Evolver, Inc. is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to age, race, color, religion, sex, national origin, sexual orientation, disability or veteran status.