Sr Information Security Analyst
Job ID : 2013-16366
# of Positions: 1
Posted Date: 6/10/2013
Job Location: US-MA-Boston
Position Type: Regular Full Time
Category: Information Technology
Pearson has one defining goal: to help people progress in their lives through learning. We champion innovation and we invest in models for education that deliver on our promise for effective, accessible, and personal learning from early literacy, college and career readiness to professional education, through data informed instruction and inventive applications for mobile and digital learning.
Pearson, the world's leading learning company, has global reach and market-leading businesses in education, business, and consumer publishing and is listed on the London and New York stock exchanges (UK: PSON; NYSE: PSO). For more information, visit www.pearson.com.
Pearson is an Equal Opportunity and Affirmative Action Employer, and a member of E-Verify. All qualified applicants, including minorities, women, veterans, and people with disabilities are encouraged to apply.
At Pearson, information security is a TOP PRIORITY! As we continue our mission to be the leader in educational services and digital delivery, we need a Principal Information Security Analyst to help decrease the impact of security activities on production while simultaneously reducing the organization’s overall risk posture. This person must be able to identify our unique risks, design strategies to reduce them, and integrate these solutions into a DevOps culture.
- Lead the integration of Information Security into DevOps teams and processes to reduce the impact of security on high-velocity releases while maintaining an appropriate risk level.
- Serve as a thought leader by promoting security awareness, mentoring other team members, and staying up to date on current DevOps and information security trends.
- Design and implement automated methods to increase the security posture, availability, and stability of systems and applications before deployment.
- Design comprehensive Information Security Architecture(s), leveraging the architecture(s) as part of an overall technology and process framework to identify, classify, and mitigate company risk.
- Drive further maturation of the vulnerability management process through advances in identifying, tracking, and reporting on vulnerabilities.
- Lead and participate in risk assessment activities, including configuration reviews, vulnerability assessments, and web application security assessments (WASAs), analyzing the output of these assessments to produce recommendations of acceptable risk mitigation strategies and risk levels.
- Responsible for incident response oversight, forensic investigations of possible or proven security breaches or incidents, and the design and implementation of incident response drills. Maintain incident response procedures.
- Serve as a liaison with internal and external organizations: corporate Information Security, IT, Internal Audit, client services, customer information security groups, 3rd party security contractors / vendors, and law enforcement.
- Design and oversee updates and additions to information risk systems (e.g., IDS, WAF, SIEM), including business case development.
- Responsible for identifying the need for, evaluating, implementing, monitoring, and maintaining information security policies and procedures.
- Performs other duties as assigned.
- Experience working in a DevOps or DevOps-style environment.
- Experience working in a high-availability, high-transaction, and rapidly scaling IT environment which supports Internet-based applications. Further experience working in a multi-platform, multi-protocol, distributed enterprise computing environment.
- Superior oral, written, and presentation abilities in front of upper management as well as peers.
- Experience (5+ years) and knowledge preferred in the following technologies: core security tools (IDS/IPS, WAF, SIEM), operating systems (both Linux and Windows), programming languages (BASH Scripting, Python, PHP), web servers (Apache, Tomcat, IIS), and SQL and noSQL databases. Working knowledge of Unix and Windows authentication and user & group security policies. Solid understanding of IP networking.
- A high-level understanding of web applications and architectures, relational databases, and hardware architectures, and the ability to effectively apply the principles of information security to the IT environment.
- Experience using governance frameworks such as ITIL and ISO 27002.
- Project management: Able to assess needs, define objectives, identify resources needed to achieve objectives and begin implementation towards goal completion.
- Relevant Information Technology, Network and Application Security Certifications a plus, CISSP or equivalent preferred.
- 8-10+ years of information security or network security experience
- Bachelor's Degree in an IT-related discipline or equivalent