Information Security Analyst

Information Technology Remote, Pennsylvania


Senior Security Engineer
Information Technology | United States

The Senior Security Engineer is a member of the Client Engineering Team providing information security strategy, controls, objectives, standards, management processes, documentation and technology procedures to ensure that information assets are adequately protected with acceptable levels of control. These controls enable the business to operate efficiently, cost-effectively and in compliance with regulatory and industry best practices.


Responsibilities


• Engineer and implement security policy, programs, process, tools and metrics utilizing security frameworks such as Center of Internet Security controls focused on Inventory and Control of Hardware and Software Assets, Continuous Vulnerability Management, Secure Configuration for Hardware and Software on Laptops and Workstations, and Account Monitoring and Control.
• Operate, engineer and continual improvement of Corp IT security systems, software, and tools including but not limited to configuration management, vulnerability management, hardware and software inventory, identity and access, UEM and security logging.
• Security system, software and tool endpoint deployment and health management. Create, report and manage KPIs, metrics, and dashboards for endpoint security software compliance including agent health and operation.
• Continuous vulnerability management that includes scanning and remediation of endpoints - including OS and 3rd party software, adhering to vulnerability management program standards. Create, report, and manage KPIs, metrics, and dashboards based on Avalara security standards.
• Actively manage inventory and control of authorized hardware and software assets function. Includes discovery, inventory, classification, and collaboratively designing solutions for prevention of unauthorized hardware and software.

• Collaborate with security team to develop and implement Secure Configuration for Hardware and Software on laptops and workstations (Windows and MacOS).

• Discovery and analysis of end user software, connectivity and workflow needs in order to adjust security patterns and practices to continually meet the needs of the business while optimizing end user productivity and efficiency. Act as the IT security champion with an emphasis on also being the voice of the end user.

• Engage, collaborate, consult and assist fellow employees and organizations regarding cybersecurity systems, software, procedures, programs, and policy needs. As the primary IT team security champion there is a strong emphasis on positive interactions, productive dialogue, and consistently driving security program evolution forward.

• Act as primary liaison between IT Client Engineering Team and security teams for new projects and initiatives collaborating in problem analysis and solution design which can include subject matter expert level knowledge to ensure security and compliance requirements are met while balancing end user productivity and efficiency.

• Actively manage the lifecycle of system, application and user accounts as described in Account Monitoring and Control CIS function.


Qualifications

• Bachelor's Degree in an STEM discipline • Minimum of 3-5 years IT experience focused on client and endpoint management • Minimum of 5 years of experience performing IT Security Operations and Engineering including incident response, vulnerability assessment, continuous monitoring, security technology planning, implementation and operation • CISSP, CEH, SANS certifications, technology certifications and other security certifications is a plus

Avalara is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law.