[Remote] Sr Cyber Security Analyst

Note: The job is a remote job and is open to candidates in USA. Federal Express Corporation is seeking a Senior Cyber Security Analyst to join their Product Security team. In this role, you will create cyber-intelligence solutions to prevent attacks and provide security guidance while collaborating with agile development teams to mature the security program.

Responsibilities

• Collaborate with the manager and team members to define and mature the Product Security program's long-term strategy, processes, and roadmap
• Serve as a senior security resource for agile development teams. Lead sprint security discussions, drive security-focused backlog grooming, and act as a trusted technical advisor to developers
• Independently lead security design reviews and secure code reviews for new features and architectures, identifying and remediating vulnerabilities including OWASP Top 10 and cloud-specific risk patterns
• Facilitate and lead threat modeling sessions, producing actionable threat models, risk documentation, and mitigation plans
• Own the evaluation, configuration, and continuous tuning of security tooling in the CI/CD pipeline (SAST, DAST, SCA); drive actionable remediation with engineering teams based on findings
• Own end-to-end vulnerability identification, triage, prioritization, and remediation tracking for assigned product teams
• Apply cloud security principles and best practices to support the organization's ongoing migration to public cloud like GCP, including secure architecture review, IAM, and workload protection guidance
• Provide mentorship and technical guidance to team members, actively helping grow the team's collective capabilities

Skills

• Bachelor's degree in computer science, information systems, or related degree, and/or equivalent formal training or work experience
• Four (4) years of experience in IT information security
• General knowledge of hardware, software, and network
• Ability to work independently, exercise sound technical judgment, and deliver results in a fast-paced, evolving environment
• Experience contributing to or maturing a security program within a large, complex organization
• Familiarity with GCP-native security tooling relevant to the software supply chain and container security (e.g., Artifact Registry, Binary Authorization, Cloud Build)
• Experience with cloud-native architectures and their security considerations, including container security and Kubernetes (e.g., GKE)
• Ability to identify and automate repetitive security tasks to improve team efficiency and scale security operations
• Relevant security certifications (e.g., CSSLP, GWEB, GWAPT, GPEN, or equivalent)
• Familiarity with security requirements in a regulated or critical infrastructure industry
• 5+ years of experience in technical engineering (software, security, or systems engineering)
• 3+ years of hands-on experience in application security or product security
• Proficiency in at least one programming language (e.g., Python, Java, Go, C#) with the ability to read and review code for security vulnerabilities
• Deep familiarity with common vulnerability classes (OWASP Top 10, CWE Top 25) and a demonstrated ability to identify and guide remediation in a codebase
• Hands-on experience with security tooling in a CI/CD pipeline (e.g., SAST, DAST, SCA)

Benefits

• An employee may be eligible for additional pay, premiums, or bonus potential.
• The Company offers eligible employees health, vision, and dental insurance, retirement plans, and tuition reimbursement
• Reasonable accommodations are available for qualified individuals with disabilities throughout the application process.

Company Overview