Position Overview: As a member of the rapidly growing Information Security Office, the Senior Information Security Analyst work across all business functions to identify and manage information security operations risks, adhere to modern regulatory and compliance needs and grow the company’s information security program and posture. This position should focus at hands-on endpoints and cloud information security operations tasks and be comfortable with helping and taking responsibilities with Identity & Access Management systems and Information Security Engineering tasks and projects.
A s a m e m b e r o f t h e r a p i d l y g ro w i n g I n f o rm a t i o n S e c u r i t y
O ffi c e , t h e S e n i o r I n f o rm a t i o n S e c u r i t y A n a l y s t w o r k a c ro s s a l l
b u s i n e s s f u n c t i o n s t o i d e n t i fy a n d m a n a g e i n f o rm a t i o n
s e c u r i t y o p e r a t i o n s r i s k s , a d h e re t o m o d e rn re g u l a t o r y a n d
c o m p l i a n c e n e e d s a n d g ro w t h e c o m p a n y ’ s i n f o rm a t i o n
s e c u r i t y p ro g r a m a n d p o s t u re . T h i s p o s i t i o n s h o u l d f o c u s a t
h a n d s - o n e n d p o i n t s a n d c l o u d i n f o rm a t i o n s e c u r i t y o p e r a t i o n s
t a s k s a n d b e c o m f o r t a b l e w i t h h e l p i n g a n d t a k i n g
re s p o n s i b i l i t i e s w i t h I d e n t i t y & Ac c e s s M a n a g e m e n t s y s t e m s
a n d I n f o rm a t i o n S e c u r i t y E n g i n e e r i n g t a s k s a n d p ro j e c t s .
Advanced hands-on endpoints and cloud information security operations support in the following areas:
Information Security Awareness and Training
Operational Risk Management and Oversight
Information Security Threat Management
Information Security Incident Response
Stay current on information security operations risks, trends, tools and industry best practices.
Effectively communicate InfoSec risks, requirements, metrics to the management, and InfoSec working groups.
Other duties and responsibilities as requested or assigned.
Information Security Operations:
Working closely with IT Team to provide advanced information security operational tasks and oversight across all business areas.
Performs periodic vulnerability assessments and risk mitigation activities and provide reports, metrics, and KRIs to management for review.
Develop information security training, awareness materials and program.
Identify, manage and remediate threats by monitoring endpoint systems and cloud applications.
Review systems logs and reports for potential unusual behavior and compromise.
Understand all security and privacy regulatory or compliance legislation like ISO 27001, CCPA, GDPR and disseminate relevant information where necessary.
Investigate and remediate any security related incidents.
Participates as an active member of the Incident Response Team to prevent information security breaches.
Work across company teams to provide information security operations and ensure the confidentiality, integrity and availability for all systems, networks and applications.
Identity & Access Management:
Oversee and review all identification and access systems and procedures for Software as a Services (SaaS) applications ensure secure access to resources.
·Performs user-based policy and role configuration functions for assigned security applications.
Review all third-party vendors access to ensure monitoring, alerting, and reporting of their activities.
Information Security Engineering:
Review and verify appropriate configuration management and security for all IT systems, SaaS applications, and services.
Recommends information security standards and system baselines to mitigate risk exposure and vulnerabilities.
Ensure availability of systems and successful business continuity through adverse events or issues.
At Least 3 to 5 years of hands-on experience with information security operational tools and best practices.
Deep understanding of cloud information security native tools and operations (Office 365, AWS and/or Azure).
Proficient with administrating and resolving security issues with major operating systems. (Windows, Mac, Linux).
Experience with implementing and maintaining cloud based SIEM, endpoint protection and encryption.
Experience with endpoint and cloud incident response and vulnerability assessments and mitigation.
Experience with Information Security guidelines and procedures development.
Comfortable with scripting and basic programming to accomplish security related Engineering tasks.
Basic understanding and experience with cloud based IAM solutions.
Must be able to coordinate with multiple roles to accomplish Information Security Operations needs in a complex, rapidly growing technology company.
Information security certifications like Microsoft Certified Solutions Associate, ANS GIAC certification, AWS Certified SysOps Administrator preferred but not required.