How would you like to work for a great company that offers career growth and values your skills and experience? For over 150 years, Commerce Bank has built a strong reputation as a “Super Community” bank and is recognized as an industry leader. In today's growing and competitive financial services industry, we look for creative and innovative solutions to meet the needs of our customers. To achieve our results, we recruit the best and brightest employees who ask, listen and solve to meet our customers’ needs!
The Information Security Analyst IV is responsible for adhering to Incident Response protocol, administering Information Security systems, assessing information risk, and identifying and remediating vulnerabilities for IT security across the enterprise.
As a Security Analyst IV, this position will support the integration of the application security program within the SDLC. This position will be responsible for performing application vulnerability penetration tests, static and dynamic application testing, and manual penetration tests, and for working with administrators and developers to remediate vulnerabilities. Other duties will be to assess information security risks with new and existing application environments, provide mentoring to those as assigned, produce written reports of findings, risk, and recommendations, and assist with further development of information security practices and standards. This position will also integrate application security automation into continuous delivery environments. Additional tasks will include coordinating roundtable discussions with other team members to educate developers around secure development practices.
This position requires regular, predictable and timely attendance at work to meet department workload demands.
Work Hours: Monday – Friday, 8AM-5PM (with minimal evening and weekend work required)
The ideal candidate will possess:
• Bachelor’s Degree, Information Systems, Computer Science, Information Security or related field desired.
• 5+ years Information Security work experience
• 3+ years experience in application penetration testing including static, dynamic, manual, and mobile penetration testing.
• GWAPT and GMOB certifications preferred.
• 2+ years development experience in Java and/or .NET
• Fluent in OWASP Top 10 and SANS Top 20 programming errors
• Must demonstrate experience with vulnerability scanning tools such as Nessus, Burp Proxy, Metasploit, FoundStone, Retina, AppScan, ZAP, and WebInspect.
• Understand regulatory compliance in the areas of Gramm-Leach-Bliley Act and PCI DSS.
• Certified Information Systems Security Professional (CISSP), or related certification.
• Project management skills or experience working within Information Security project implementations.
• Strong work ethic, problem-solving skills, customer service orientation, and proven dependability and promptness.
• Good communication skills, well developed interpersonal skills, in addition to teamwork and collaboration attributes.
• Creative problem-solving, analytical, presentation, and organizational skills.
• The ability to plan, organize, and deliver professional technical documents on time.
• Self-motivation and capability to successfully complete projects and provide support with little supervision.
• Skills in creating documentation and procedures for a variety of technologies.