Senior Information Security Analyst (Architect)

Job Description

About ASCAP

The American Society of Composers, Authors and Publishers (ASCAP) is a membership association of more than 900,000 songwriters, composers and music publishers, and represents some of the world's most talented music creators. Founded and governed by songwriters and composers, it is the only performing rights organization in the U.S. that operates as a not-for-profit. ASCAP licenses a repertory of over 18 million musical works to hundreds of thousands of businesses that use music, including streaming services, cable television, radio and satellite radio and brick and mortar businesses such as retail stores, hotels, clubs, restaurants and bars. ASCAP collects the licensing fees; identifies, matches and processes trillions of performances every year; and returns nearly 90 cents of every dollar back to its members as royalties. The ASCAP blanket license offers an efficient solution for businesses to legally perform ASCAP music while respecting the right of songwriters and composers to be paid fairly. ASCAP puts music creators first, advocating for their rights and the value of music on Capitol Hill, driving innovation that moves the industry forward, building community and providing the resources and support that creators need to succeed in their careers. Learn more and stay in touch at www.ascap.com, on Twitter and Instagram @ASCAP and on Facebook.

• Work independently with developers, system/network administrators, product owners, design teams and other colleagues to ensure secure design, development, and implementation of applications and networks - defining and promoting a full SDLC program.
• Perform security architecture design reviews of our applications (primarily cloud).
• Perform code analysis of large applications manually and conduct manual vulnerability analysis.
• Provide remediation guidance and recommendations to developers and administrators.
• Work with development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
• Define security best practices and standards to ensure development teams understand them and receive pertinent annual secure coding training.
• Researches, evaluates, tests, and assists on implementation of new security solutions around DevSecOps and the application pipeline.
• Works closely with Jr. Security Analysts and security platform engineers to investigate and resolve security related events.
• Works alongside project management in a SCRUM environment to successfully monitor progress and implementation of security initiatives.

• Minimum five (5) years of experience at the senior level working in depth with various versions of Mac/MS/Unix/Linux operating system, networking, security devices, and securing web based and back office applications.
• Experience working with development teams to build secure solutions.
• Experience breaking down complex systems and applications to find flaws.
• Proficiency in reading, writing, and auditing Java and the ability to pick up new languages/technologies.
• Experience with secure coding practices and architecting secure applications written in Java.
• The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management.
• Security certification such as CISSP is preferred.
• Cloud security experience with AWS and Salesforce is a plus.
• Bachelor's degree in Computer Science or Information Security.
• A keen eye for detail, an analytical thinker and the ability to multitask.
• The ability to thrive in fast-paced, high stress situations.
• A problem solver with the ability to communicate effectively with peers, business partners and management.
• Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations and best practices.
• Experience providing security training to developers.

• A choice of either network only provider medical and dental plans or more flexible medical and dental plans where you can see providers in or out-of-network
• Vision plan that offers both in and out- of network provider options
• Immediate eligibility for 401(k) participation with an employer provided match
• An additional Employer paid retirement savings program regardless of your participation in the 401(k) Plan
• Generous time-off policy
• Health care and dependent care flexible spending accounts
• Short term disability Insurance / salary continuation and Long term disability insurance
• Company provided basic life and accidental death and dismemberment insurance
• Supplemental and dependent life insurance options