Our Security Team is expanding and is seeking a Senior Security Analyst that will be instrumental in the decision-making process in relation to the company’s security framework and tools structure. The chosen candidate will be expected to handle daily security-related tasks, as well as provide research and guidance to security-related projects the Security Team is involved in. This position will allow the candidate freedom to seek out additional projects that will improve the current security posture of the company, as well as future-proofing the company from security threats on the horizon.
Principal Duties and Responsibilities:
- Proactively guide team members on daily tasks and department projects.
- Monitoring threats as they pertain to the Company brand, technology and operations. Work with other departments on a daily basis, providing advisement and assistance when needed.
- Participate in the evaluation, development, and implementation of security standards, procedures, and guidelines for multiple platforms and diverse systems environments.
- Assists in developing, implementing and monitoring compliance requirements and Information security policies, standards and procedures, and other policies and standards as appropriate
- Utilizes tools and documented processes to ensure consistency and optimization of information security processes; work in support of efforts to measure and improve information security processes
- Prepares status reports on information security, or other matters to help develop, track, monitor and report on projects and initiatives
- Assist with and conduct risk assessments of IT infrastructure.
- Supports the analysis of underlying trends and action plans associated with information security and other domains
- Maintains records to allow for historical trending analysis
- Coordinate with systems architects and developers to provide guidance in the development and integration of secure design solutions.
- Develop systems and processes for security best practices.
- Ensure security is built into tools used by operations groups (security, network, DevOps, general user).
- Prepare reports on security incidents and changing responses
- Stay current with developing technologies, and emerging threat landscape and predict the impact of changing technologies.
- Bachelor’s degree in a Cyber Security related field or 5 years of equivalent education, training, and experience.
- Industry certifications in information security such as Security+, CySA+, GSEC or equivalent required.
- An understanding of information security technologies, markets, and vendors (firewall, intrusion detection, assessment tools, encryption, certificate authority, Web, and application development).
- An understanding of data network configuration and infrastructure concepts, including TCP/IP routers, internet/intranet/extranet, firewalls, web servers and security hierarchy including the application of encryption key infrastructures and authentication processes
- Proactive attitude, ability to work in a collaborative style on complex tasks and projects.
- Effectively manage the team on daily tasks and on a wide array of projects to ensure they are completed correctly and on time.
- Bachelor’s degree in Information Technology, Computer Science, or Business Administration, OR equivalent experience.
- Must possess an intermediate level of experience working with and administering a Linux environment.
- A solid understanding of perimeter and internal security monitoring of the IT environment.
- Demonstrated ability to conduct vulnerability testing and analysis of computers and networks.
- A candidate must have an understanding of common programming vulnerabilities.
- Must have experience with security governance and compliance efforts in PCI-DSS and knowledge of HIPAA, NIST, CIS CSC, SSAE16/SOC or ISO 27001.
- Must have excellent communication skills (written and verbal) and have the ability to communicate with all levels of staff and management.