Security Analyst I
The Information Security – Analyst is a hands-on position that is responsible for maintaining enterprise information security policies, technical standards, guidelines, procedures, and other elements of an enterprise infrastructure necessary to support information security in compliance with established company policies, regulatory requirements (ex. PCI, SOX, HIPAA), and generally accepted information security controls (ISO 27001/2, NIST, etc.) and security best practices (OWASP, SANS, etc.).
Strategy & Planning
- Participate in the planning and implementation of enterprise security architecture, under the direction of the Manager of Information Security, where appropriate.
- Provide security design expertise, direction, and assistance to Systems Analysts, Systems Engineers, and other Systems Architects.
- Perform audits of security devices, policies, and rules to ensure compliance with all regulatory standards, information security controls, and best business practice.
- Develop and maintain security solutions that facilitate the company’s strategic business needs.
- Conduct research on emerging technologies in support of systems development efforts, and recommend technologies that will increase improve the enterprise security posture.
- Recommend security control and systems to support business goals of the company.
- Implement security systems that have positive budgetary impact by reducing costs and increasing productivity.
- Enhance the company’s information assets by contributing to its security, integrity, efficiency, availability, and accuracy.
- Familiar with identity management, role methodologies, and least privilege principles.
- Perform strategic analysis; apply advanced principles, theories, and concepts to resolution of problems.
- Establish and communicate design and architecture standards via mentoring, technical presentations, and white papers.
- Interact with all levels of customers, users, and vendors, including executive management, technical personnel, and contractors.
- Identify, prioritize and onboard internal, application data feeds to the SIEM platform.
- Monitor and maintain overall system health of the SIEM infrastructure.
- Experience working with mainstream firewall platforms.
- Interacting with other teams as an interactive member of the security team.
- Assist with Change Management preparations and implementations, providing technical subject matter expertise.
- Provide security analysis and consultation services for product, system and Data Protection architecture designs.
- Attend, and periodically lead meetings with the team.
- Assist with other projects as may be required to contribute to efficiency and effectiveness of the group.
- Lead incident response efforts across the enterprise.
- BS/BA Degree preferred.
- Minimum 4 years’ experience in Information Security. A background in security operations or design & engineering role or any combination of education and experience, which would provide an equivalent background.
- Significant experience with multiple technical and business disciplines preferred.
- Working knowledge of Role Base Security models and implementations within a diverse environment.
- Working knowledge and understanding of industry-accepted data processing controls and concepts as applied to hardware, software, data network communications, and people.
- Security Certifications: Security+ or CISSP preferred or other technical security certifications.
- Familiarity with Security Audit Processes, Compliance Remediation, and Best Practices.
- Previous professional experience with enterprise SIEM is required.
- Previous professional experience with Enterprise Monitoring Suites.
- Experience managing log sources, log types, and parsing rules.
- Custom log parsing configuration development experience is highly preferred.
- Understanding of Information Security with relevant work experience and/or relevant education/certifications.
PREFEREED: JOB QUALIFICATIONS:
- Experience with Palo Alto firewalls
- Experience with LogRhythm enterprise SIEM
- Network certifications
- Cloud security certification
Lands’ End, Inc., is an Equal Opportunity/Affirmative Action/Veterans/Disability Employer.