WHO WE ARE:

For over 20 years, Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving, surveillance, eDiscovery, and analytics solutions. We securely capture and preserve the communications data of the world’s most highly regulated firms, giving them greater visibility and control over their information and ensuring compliance with stringent regulations.
Though we offer competitive compensation and benefits and all the other perks one would expect from an established company, we are not your typical technology company. Global Relay is a career-building company. A place for big ideas. New challenges. Groundbreaking innovation. It’s a place where you can genuinely make an impact – and be recognized for it.
We believe great businesses thrive on diversity, inclusion, and the contributions of all employees. To that end, we recruit candidates from different backgrounds and foster a work environment that encourages employees to collaborate and learn from each other, completely free of barriers.
We encourage you to apply if your qualifications and experience are a good fit for any of our openings.
Your job:
The Software Security Analyst L1 is responsible for facilitating and conducting automated and manual security testing of Global Relay software. This position identifies, assesses, and follows up on remediation activities associated with application vulnerabilities.

Your responsibilities:

• Identify and document security vulnerabilities.
• Investigate security issues in order to determine specific steps for reproduction and scope.
• Create, maintain, and execute manual security test cases.
• Execute and analyze security scans using appropriate scanning tools (e.g. HP WebInspect).
• Provide reporting on the outcome of security testing.
• Document verification of security fixes.
• Develop competency in the OWASP Top 10 and derive new test methodologies based on Global Relay applications.
• Learn appropriate security tools (e.g. ZAP) that allow for manual and automated testing.
• Work with intermediate and senior software security team members to identify areas where security test coverage is lacking, and work to improve the security test coverage.
• Assist the intermediate and senior software security team members with assessment and test planning for upcoming releases.
• Assist the intermediate and senior software security team members with communication of new security testing initiatives to the development teams and work with the teams to finish them (e.g. test case reviews, presentations of new content).
• Improve test case documentation and grouping.
• Provide suggestions on improvements and see these through to completion.

About you:

• Knowledge of internet and network technologies; specifically TCP/IP, UDP, SMTP, HTTP, HTTPS, FTP, SFTP and FTPS; any other Internet and network technologies would be an asset.
• Good understanding of and exposure to security tools such as firewalls, IDS/IPS, anti-virus, anti-spam, and server and network device hardening.
• Ability to write and modify scripts and/or program in various languages, such as Python and PowerShell.
• Working knowledge of software security in general and of OWASP Top 10.
• Proven competence using MS Office and other desktop applications.
• Previous experience in software security testing or quality assurance methodology.
• Excellent verbal and written communication skills.
• Attention to detail and follow-up.
• Methodical and creative approach to problem-solving.
• Recognized security industry certifications, such as CompTIA Security+.

Working Conditions
Availability after hours for escalations

• Identify and document security vulnerabilities.
• Investigate security issues in order to determine specific steps for reproduction and scope.
• Create, maintain, and execute manual security test cases.
• Execute and analyze security scans using appropriate scanning tools (e.g. HP WebInspect).
• Provide reporting on the outcome of security testing.
• Document verification of security fixes.
• Develop competency in the OWASP Top 10 and derive new test methodologies based on Global Relay applications.
• Learn appropriate security tools (e.g. ZAP) that allow for manual and automated testing.
• Work with intermediate and senior software security team members to identify areas where security test coverage is lacking, and work to improve the security test coverage.
• Assist the intermediate and senior software security team members with assessment and test planning for upcoming releases.
• Assist the intermediate and senior software security team members with communication of new security testing initiatives to the development teams and work with the teams to finish them (e.g. test case reviews, presentations of new content).
• Improve test case documentation and grouping.
• Provide suggestions on improvements and see these through to completion