Information Security Analyst
You are in search of a career in the information security field, with broad interests ranging from application security to compliance. As a self-sufficient and high motivated individual, you are comfortable working with minimal direction. You have a solid understanding of information security, yet understand that some risks must be taken in order to advance the business. While process-oriented, you are tolerant of change and volatility. Finally, you enjoy a challenge and your interpersonal skills are exceptional.
About the Position
The information security team is responsible for ensuring security policy compliance for various business units spanning the Americas. We are seeking an individual contributor-level team member to support our efforts around vulnerability management as well as governance and compliance. This role is primarily administrative in nature. This requires one to function in a governance-oriented capacity, providing guidance in the areas of desktop, server, and network security while depending on other information technology teams to actually implementation these best practices. However, select aspects of the job are very hands-on; specifically in the areas of vulnerability management and threat validation. The position is quite diverse in that the breadth of coverage spans practically all domains of information security.
Oversee the setup and general administration of vulnerability scanning activities.
Periodic review of desktop, server, and network security to ensure adherence to security policy.
Supervise outsourced penetration testing efforts around all new web development projects.
Continuously monitor consolidated Syslog and NetFlow events within SIEM system.
Work in concert with other teams to eradicate desktop, server, and network-level threats.
Collect and compile metrics around inventory, vulnerabilities, and other security measurements.
Comprehend technical issues, and then articulate them in a high-level and risk-oriented fashion.
Maintain data loss prevention (DLP) system and associated signatures.
Provide expert advice around common technology practices such as cloud computing and BYOD.
Hands-on experience with vulnerability scanning tools; preferably in larger environments
Familiarity with ISO27000 series security standards
In-depth understanding of Microsoft Windows and Active Directory technologies
Comfortable navigating the Linux operating system
Detailed understanding of core Internet applications, including SMTP, DNS, DHCP, et al.
Knowledgeable in web application security with emphasis in OWASP Top 10 vulnerabilities
Well-versed in network engineering topics such as the OSI model, routing, and switching
Considerable past experience with enterprise-class firewalls
Basic understanding of various cryptographic methods and associated key management types
Rudimentary grasp of project management and SDLC concepts
Ability and willingness to familiarize oneself with general business functions
Any experience in software development is a significant plus
Education and other Requirements
Bachelor’s degree in technology-related discipline or equivalent experience
Tenure of at least five years within a dedicated information technology capacity
Desirable certifications include:
o Certified Information Systems Security Professional (CISSP)
o Certified Ethical Hacker (CEH)
o Certificate of Cloud Security Knowledge (CCSK)
o Microsoft Certified Solutions Expert (MCSE)