Information Security Analyst (Level 3)
The information security analyst is a senior member of the EventTracker SIEM team and works closely with the other members of the team to develop and implement a comprehensive information security program for our customers. The security analyst works with the IT department of our customers, to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained.
- Works with our customer’s business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments.
- Reports to customer’s management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and non-compliance.
- Works with customer’s IT department and members of the information security team to identify, select and implement technical controls.
- Develops security processes and procedures, and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.
- Advises security administrators on normal and exception-based processing of security authorization requests.
Penetration Testing and Vulnerability Assessments
- Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action.
- Works with junior staff on deploying, tuning and running vulnerability-scanning and penetration-testing tools.
Incident Detection and Response
- Provides second- and third-level support and analysis during and after a security incident.
- Assists security administrators and IT staff in the resolution of reported security incidents.
- Participates in security investigations and compliance reviews, as requested by internal or external auditors.
- Acts as a liaison between incident response leads and subject matter experts.
- Monitors daily or weekly reports and security logs for unusual events.
- Provides status, updates and tracking progress to the enterprise compliance team for reporting purposes.
Information Security Architecture
- Researches and assesses new threats and security alerts, and recommends remedial actions.
- Provides guidance for security activities in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required.
- Minimum of five years’ IT or network security experience.
- Bachelor’s degree in information systems or equivalent work experience.
- Certification such as CISSP, GIAC, CeH are preferred, or other certifications at the discretion of the hiring manager.
- In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Experience with common information security management frameworks, such as ITIL, CoBIT, NIST frameworks.
- Knowledge of the fundamentals of project management, and experience with creating and managing project plans, including budgeting and resource allocation.
- In-depth knowledge of risk assessment methods and technologies.
- Proficiency in performing risk, business impact, control and vulnerability assessments.
- Excellent technical knowledge of mainstream operating systems especially Microsoft Windows and Linux and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
- Experience in developing, documenting and maintaining security policies, processes, procedures and standards.
- Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
- Audit, compliance or governance experience is preferred.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- Ability to interact with personnel at all levels and across all business units and organizations, and to comprehend business imperatives.
- Strong leadership abilities, with the capability to develop an information security team and guide team members and to work with only minimal supervision.
- Strong written and verbal communication skills.
- A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships.
Please submit your resume and a cover letter indicating the position for which you are applying to: firstname.lastname@example.org. We will contact you if your qualifications meet with our criteria.
Qualified applicants are considered for employment without regard to race, color, age, national origin, religion, marital status, sex, sexual orientation, gender identity, gender expression, genetics, disability, protected veteran status or any other basis prohibited by applicable law. Netsurion and EventTracker, a division of Netsurion, are equal opportunity employers.