Information Security Analyst
At Deem, we create products that give employees everything they need to make better travel decisions, wherever they are. With the most intuitive, secure, and powerful travel solutions, companies save money, their employees stay connected, and everyone gets more done. That’s why more businesses are embracing Deem.
Deem is used by more than 50,000 corporate customers and plugs into the world’s largest travel management companies and expense providers. The company is headquartered in Silicon Valley, California, with offices in Bangalore, India and Dublin, Ireland.
Deem is wholly owned by Enterprise Holdings, the world’s largest car rental provider, and an industry leader in mobility and technology. Enterprise Holdings is one of the top global travel companies, ranking ahead of all other car rental companies, many airlines and most cruise lines, hotels, tour operators and online travel agencies, based on its annual revenues.
We are seeking a talented, energetic, hands on and proactive Information Security technical analyst to contribute towards an overall plan and operations that meets Deem's security needs.
The Information Security Analyst is to ensure that the company maintains its strong security posture, compliance with regulations and safeguard our customer’s data. This includes assessing server and firewall logs, scrutinizing network traffic, establishing and updating vulnerability scans. This person will also analyze and resolve security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits where required.
- Help maintain, and oversee enforcement of policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices.
- Assess need for any security reconfigurations (minor or significant) and drive them if required.
- Keep-up with current and emerging security alerts and issues.
- Conduct research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.
- Play a key role in our transition into cloud, the candidate will assist in implementing /recommending security focused cloud centric solutions and setting polices accordingly.
- Assist with the monitoring of all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography capabilities, and anti-virus software.
- Ensure the security of databases and data transferred both internally and externally.
- Capable of performing penetration testing our systems in order to identify system vulnerabilities.
- Analyze network vulnerably by analyzing results of Internal and External scans.
- Design, implement, and report on security system and end user activity audits.
- Monitor server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interpret activity and make recommendations for resolution.
- Recommend (where appropriate) applying fixes, security patches, any other measures required in the event of a security breach.
- Recommend / test new security software and/ or tools / technologies
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Ability to conduct research into security issues and products as required.
- Coordinate information protection effort to comply with industry standard audits including (SSAE-18, PCI, ISO)
- 5+ years in a similar position, or experience in the security field at medium or large SaaS company
- Industry-standard certification, CISSP, CISA or equivalent
- Hands-on knowledge of network equipment and software’s such as switches, IDS/IPS, DIP, Firewalls, VPN, SIEM, WAF, Endpoint security along with a variety of assessment tools
- Technical understanding of network and platform operating systems
- Technical understanding of TCP/IP and network administration/protocols
- Technical understanding of cloud environment in general
- Working knowledge of ISO, PCI and SOC
- Capable of performing penetration tests and collaborating with Engineering on the static and dynamic security analysis and remediation
- Understanding and up-to-date knowledge of the web security threats (XSS, code injection, etc.)
- Capable of running, analyzing and recommending solutions based on internal/external network scans as part of vulnerability management program
- Strong troubleshooting and forensic skills and ability to effectively work in cross functional teams as needed to resolve issues
- Intuition and keen instincts to pre-empt attacks
- High level of analytical and problem-solving abilities
- Strong written, oral and interpersonal communication skills