Role: Senior Security Analyst
Location: Boston, MA
Duration: 6 Months

Please send me your updated resume at email@example.com, or reach me at 201-340-8700 Ext: 420.

Requirement / Responsibilities:
Investigate potential security incidents using forensically sound methods and techniques. Execute the Computer Security Incident Response (CSIRT). Develop and maintain the enterprise security program.
Duties include, but are not limited to, the operation and management of security applications that are part of the security program. Due to the inherent volatility of investigative response and security project work, the candidate will be expected to discharge the various responsibilities assigned to their role while successfully managing a variable case load. The candidate will be responsible for integrity in analysis, quality in customer deliverables, gathering case-load intelligence, as well as assisting in security requirements and controls development. Additionally, as a Senior Security Analyst, this position must provide support for business-facing interactions with other contractors and internal customers.
The candidate must be well versed in and capable of leading an investigation, defining and executing security projects, managing security systems, and working with business and management stakeholders at all levels. The candidate will be expected to possess advanced Security and IT technical experience, strong communication and presentation skills, and must be technically able to hit the ground running in most any back office environment. The candidate must be able to assist customers in responding rapidly and effectively to computer-related incidents and should consistently exceed expectations while working in a customer-facing setting. The capability to quickly identify the source of a security breach and move toward containment is essential.
Proficiency in conducting live analysis on networks and across multiple platforms is expected. The candidate must possess the ability to articulate well in both written and oral communication. They must also be able to manage multiple investigations on a daily basis. The successful candidate must be very detail-oriented and must be able to interact with other security staff and business leaders effectively, in person or by phone.
Critical thinking, problem solving, and the ability to endure long working hours and travel to a multi-site environment are vital. This position has a 24/7 on-call component. On-call accountabilities rotate among the team.

Key Accountabilities:
List major accountabilities in order of importance. Include the following, though other duties may be assigned.
Respond to computer security incidents according to the Computer Security Incident Response Policy (CSIRP).
Provide guidance to first responders for handling information security incidents.
Coordinate efforts among multiple business units during response.
Provide timely and relevant updates to appropriate stakeholders and decision makers.
Provide investigation findings to relevant business units to help improve information security posture.
Validate and maintain incident response plan and processes to address potential threats.
Compile and analyze data for management reporting and metrics.

Threat Management:
Monitor information security related web sites (US-CERT, SANS Internet Storm Center, etc.) and mailing lists (DHS Infrastructure, BugTraq, etc.) to stay up to date on current attacks and trends.
Participate in industry task forces and working groups (Financial Services Information Sharing and Analysis Center (FS-ISAC), FBI InfraGard, Anti-Phishing Working Group, etc.) where appropriate to understand current and future threats to healthcare payers.
Analyze potential impact of new threats and exploits and communicate risks to relevant business and IT units.

Forensic Investigations & Analysis:
Conduct computer forensic investigations and electronic discovery requests for legal and corporate clients, using proprietary methodologies and cutting-edge forensic tools.
Support the Director of Security Governance & Policy Assurance by communicating the progress and any issues of all investigation cases, and support the ISO and IT Infrastructure team's efforts when requested, by assisting with security event/incident calls from corporate managers/directors, attorneys, and outside law enforcement.
Will also network with members of local trade associations and other groups of interest that support continuous improvement of our internal forensic and incident response enterprise capabilities.

Challenges/Problem Solving:
Will face high time pressure and demand related to incident and potential breach management responses. This role contains significant skill and competency requirements to perform investigations and gather evidence against complex forensic requirements to meet legal and regulatory mandates. Containment of any incident will be critical to minimize significant business exposure to identity theft and data loss prevention.

Decision Making Authority:
Decision authority will be limited to the technical aspects of security forensic activities.

Leadership Responsibilities:
Leads all security forensic investigations to support Legal, outsourced IT Partners, HR, ISO and Privacy business areas.

Qualifications (knowledge/skills/abilities/behaviors):
The ability to work extremely well under pressure, while maintaining confidentiality, and a professional image and approach with customers is critical.
This position requires competency in the tools, techniques, and methodologies surrounding incident response, computer forensics, and eDiscovery. A strong training / certification base relating to computer forensics and computer incident handling is required. The ideal candidate should have knowledge and experience in the following operating systems: UNIX, Linux, Windows, MacOS, HPUX, AIX and Solaris. The candidate must have understanding of information security; network architecture; general database concepts; document management; hardware and software troubleshooting; email systems, such as Microsoft Exchange and Lotus Notes; Microsoft Office applications; and computer forensic tools such as EnCase and FTK.
Experience conducting security assessments, penetration testing, and ethical hacking is required. Current PCI QSA/QIRA certification within the last year or current GCFA or equivalent. A background in evidentiary procedures, volatile criminal/civil situations, fraud analysis and IR fundamentals is ideal, as is a strong network of contacts within the industry. In-court experience is preferred.

Education/Relevant Experience:
The candidate must have at the very least a B.A. or B.S. from a four-year accredited university, and a minimum of six years of related industry experience. The successful candidate will have a combination of education and experience related to the essential duties and responsibilities of the position.
Previous experience in a security related role from professional sector firms or government cyber security of homeland defense is desirable. Demonstrated experience of managing the day-to-day aspects of protected customer relationships, as well as IT investigative cases and corporate security incidents is a must. A successful candidate should have experience in electronic crimes law enforcement, military intelligence, or with a security professional services organization. Post graduate degrees, certificate programs in relevant areas, which demonstrate analytical writing will also be considered.
CISSP certified / qualified or ability to pursue obtaining these certifications within six months of hire. SANS GCIH or GCFA, CISA, CISM, EnCE® certification(s) preferred but not required.

Yochana
Technical Recruiter
Net2Source Inc., SBE Certified (State of NJ)
Board: (201) 340 8700 Ext.: 420 | Fax: (201) 221-8131
Email: firstname.lastname@example.org
Dice - 14 months ago
Net2Source Inc. is a leading Global Consulting and IT services company, headquartered in New Jersey having its offshore support centres in...