Information Security Analyst - 14942
Talent Merchants - Foster City, CA

This job posting is no longer available on Talent Merchants. Find similar jobs:Information Security Analyst jobs - Talent Merchants jobs

Information Security Analyst

About You
You are in search of a career in the information security field, with broad interests ranging from application security to compliance. As a self-sufficient and high motivated individual, you are comfortable working with minimal direction. You have a solid understanding of information security, yet understand that some risks must be taken in order to advance the business. While process-oriented, you are tolerant of change and volatility. Finally, you enjoy a challenge and your interpersonal skills are exceptional.

About the Position
The information security team is responsible for ensuring security policy compliance for various business units spanning the Americas. We are seeking an individual contributor-level team member to support our efforts around vulnerability management as well as governance and compliance. This role is primarily administrative in nature. This requires one to function in a governance-oriented capacity, providing guidance in the areas of desktop, server, and network security while depending on other information technology teams to actually implementation these best practices. However, select aspects of the job are very hands-on; specifically in the areas of vulnerability management and threat validation. The position is quite diverse in that the breadth of coverage spans practically all domains of information security.


Oversee the setup and general administration of vulnerability scanning activities.

Periodic review of desktop, server, and network security to ensure adherence to security policy.

Supervise outsourced penetration testing efforts around all new web development projects.

Continuously monitor consolidated Syslog and NetFlow events within SIEM system.

Work in concert with other teams to eradicate desktop, server, and network-level threats.

Collect and compile metrics around inventory, vulnerabilities, and other security measurements.

Comprehend technical issues, and then articulate them in a high-level and risk-oriented fashion.

Maintain data loss prevention (DLP) system and associated signatures.

Provide expert advice around common technology practices such as cloud computing and BYOD.


Hands-on experience with vulnerability scanning tools; preferably in larger environments

Familiarity with ISO27000 series security standards

In-depth understanding of Microsoft Windows and Active Directory technologies

Comfortable navigating the Linux operating system

Detailed understanding of core Internet applications, including SMTP, DNS, DHCP, et al.

Knowledgeable in web application security with emphasis in OWASP Top 10 vulnerabilities

Well-versed in network engineering topics such as the OSI model, routing, and switching

Considerable past experience with enterprise-class firewalls

Basic understanding of various cryptographic methods and associated key management types

Rudimentary grasp of project management and SDLC concepts

Ability and willingness to familiarize oneself with general business functions

Any experience in software development is a significant plus

Education and other Requirements

Bachelor’s degree in technology-related discipline or equivalent experience

Tenure of at least five years within a dedicated information technology capacity

Desirable certifications include:
o Certified Information Systems Security Professional (CISSP)
o Certified Ethical Hacker (CEH)
o Certificate of Cloud Security Knowledge (CCSK)
o Microsoft Certified Solutions Expert (MCSE)