The Security Analyst will play a key role in helping establish our security by focusing on enhancing the security posture of our hosting infrastructure and Cloud services. The information security analyst will help work to develop and implement a comprehensive information security program. This includes defining and implementing security policies, processes, and standards. The security analyst will select and deploy technical controls to meet specific security requirements.
- Evaluate and enforce IT security controls, security policies, and secure computing practices. Integrate with various teams on technology initiatives to improve the security of our systems and operations. Document policies, processes, and controls.
- Perform scheduled vulnerability scanning, pen testing and reporting.
- Assess and manage vendor risk. Manage a diverse set of security platforms and generate reports for review with action items.
- Operate SIEM and other intelligence systems to monitor the environment for actionable events.
- Manage security tools and services for identity management, authentication, authorization and other security services.
- Coordinate incident response, analysis, remediation, and cleanup.
- Follow industry and best practices and procedures
- Create security-related documentation
- Enforce and validate IT security policies and best practices to achieve compliance with PCI, HIPPA etc.
- Complete security assessment documentation for customers.
Key Experience Requirements:
- 5+ years of experience in IT Security or related Infrastructure administration in a highly available and production environment
- Minimum of 4 years’ experience implementing and following security frameworks or compliance standards, such as PCI-DSS, CIS Controls, NIST, COBIT, etc.
- Experience working on projects to achieve PCI, HIPPA and SOC compliance.
- Hands-on experience working on security tools
- Certifications or training that demonstrate a commitment to continued professional information security advancement such as GIAC, CISSP, CRISC, CISM, CISA
- Working knowledge and experience with security such as vulnerability management, incident response, threat management, and others.
- Strong knowledge of firewalls, VPNs, web application firewalls, email security, IPS/IDS, SIEM, DLP, cryptography, application whitelisting and endpoint protection.