Security Analyst

Summary of Responsibilities:

The Security Analyst is responsible for the planning, implementation, and maintenance of the security controls within the organization.   These activities include working directly with the security operation center to evaluate and escalate risk to the organization.   The analyst is responsible for partnering with the security and compliance organizations to make recommendations on the next steps required to reach a higher maturity level within the organization.  In addition, the role will be responsible for defining, implementing, and maintaining the security standards for the organization. 

Essential Functions                              

• Security Controls – Utilize the security tools within the organization such as Proofpoint, CrowdStrike, and McAfee to enhance the security posture of the organization

• Security Assessment – Maintain and improve the current dynamic and static code analysis tools within the organization.

• Compliance – Ensure all associates working on PCI/SOX systems have performed security training.

• Privileged Request – Evaluate all privileged access request and firewall request within the organization to ensure the request is in line with the organization standards.

• Vendor/Tool Selection – Partner with the vendor management office to perform evaluations of new vendors and tools within the organization to ensure proper risk mitigation.

• Standards – Create or review the organization standards to ensure security practices are clearly outlined for the organization. 

• Incident Response – Partners with the security operations staff to assist with incident response.  This will include evaluation of risk to the environment based upon information gathered from the security tools of the organization.

• Vulnerability Scanning – Run penetration testing of the applications and infrastructure and make recommendations on remediations.

Requirements:

The ideal candidate will possess the following:

• Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience.

• 3-5 years of experience in the areas of Information Technology, Information Security.

• CISSP required. Other certifications preferred

• Strong working knowledge of:

• End point security solutions, IDS/IPS, Firewalls, Web Application Gateways, Logging and Monitoring (ex. Splunk), mail gateways, vulnerability management systems (ex. Rapid 7, Nessus, Qualys)

• Control frameworks and control objectives

• Cloud Computing (AWS, GCP, Azure)

• Operating systems, databases and middleware components

• Working knowledge of hardening standards for operating systems etc

• Self-motivated and results-oriented, including ability to prioritize conflicting demands.

• Exceptional organizational skills to balance work and lead projects.

• Strong verbal and written skills

• Strong initiative, consensus-building and ability to collaborate directly and build strong relationships with a variety of internal and external stakeholders (business, development, compliance, etc.)

• Ability to adapt and apply information to new scenarios and technologies