Information Security Senior
Security Senior Analyst, Engineering & Ops
Information Security Senior Analyst within Security Engineering and Operations assists
with a variety of information security tasks in support of the Chief Security
Officer for the firm, globally.
Senior Analyst has demonstrated in past roles the ability to work effectively
with limited supervision on security related tasks and projects to drive
results and build positive relationships with coworkers and customers (both
internal and external).
will have an active role as a contributor and leader in managing access to
sensitive information and systems; data leakage protection activities; firewall
and network device rule reviews and compliance assessments; administration of
encryption key and certificate management tools; management of privileged
accounts and passwords; network device ACL reviews; construction and revision of
device hardening standards; device hardening assessments; implementation of
security services, software and systems globally; project review work for
security adherence and concerns.
with the Information Technology team and the rest of the security group, the incumbent
will monitor, assess and update the environment to safeguard resources and
information assets across the firm, both domestically and internationally.
Perform device reviews to ensure compliance
with hardening standards, access controls and security related configuration
Management of elevated user and service
Monitor and advise on information security
issues related to the systems and workflow at Asurion to ensure the internal
security controls for the company are appropriate and operating as intended.
Coordinate, execute and lead IT security
Coordinate response to information security events.
Participate in the development and publication
of Information Security procedures, standards and guidelines for device
hardening, device compliance and access control lists.
Assist with executing remediation plans for
any gaps reported in audits or recommended process improvements that effect
data leakage, network device compliance, certificate/key management, systems
access and elevated account management.
Collaborate with Security and IT management,
the Legal department, Fraud department, Human Resources and law enforcement
agencies to manage security vulnerabilities or inquiries.
Regularly exercises influencing skills to
assist individual leaders and teams to make security minded decisions.
Review project related material for internal
and external projects that are software, hardware and/or network related to
assist in ensuring that secure solutions are being designed, developed and
implemented that meet security standards and requirements.
Conduct security research to keep abreast of
latest security issues.
Prepares security documentation including
department procedures, standards, company notifications and alerts in support
of other Information Security teams within the Risk department.
Perform other related duties as assigned.
BA or BS in Computer Science, Management Information
Systems, or related field desirable, practical experience plus education and certifications
may be considered.
Six to nine years of progressive experience
in computing and information security, including experience with Internet
technology, security technology, issue resolution and leading teams in a cross
functional, global setting.
Experience should include security standards
development, security education, network penetration testing, application
vulnerability assessments, risk analysis, account management, management of gap
remediation, compliance testing and leadership of teams.
CISSP, GSEC, GIAC, CEH or other security related
Windows or Cisco certification for server
administration or network administration desired.
Knowledge of information security standards
and controls (e.g., ISO 17799/27001/27002, COBIT, COSO, PCI, etc.), rules and
regulations related to information security and data confidentiality and
desktop, server, application, database, network security principles for risk
identification and analysis.
Familiarity needed with several key security
technologies: Cisco security products, TippingPoint, Check Point, DLP packages
(Symantec Vontu), certificate and key management tools, ticketing systems, Active
Directory management tools (Quest), anti-virus endpoint management, network
anti-malware (FireEye, Palo Alto), firewall monitoring and OS compliance
Strong analytical and problem solving skills
A practiced ability to influence peers,
customers and project teams to make security minded decisions and changes.
The ability to operate under ambiguous
circumstances, address uncomfortable issues and leverage data to make informed
Excellent communication (oral, written,
presentation), interpersonal and consultative skills are required.
position requires some weekend and evening assignments as well as availability
during off-hours for participation in scheduled and unscheduled activities.
Asurion - 17 months ago
For two decades, Asurion has led the technology protection industry around the globe. The Company provides premier support solutions to...