Sr. IT Security Analyst
We need a hands-on security analyst with a broad set of skills who is looking to implement network and security best practices and administer our growing suite of security tools. This position is extremely dynamic in the skills required and calls for a security professional who can grasp the complexities and challenges of working for a fast-paced, fast-growing company. This candidate is responsible for ensuring that security processes are optimized, reporting on IT security performance on an ongoing basis, and participating in IT security projects. The primary responsibility of this role is to oversee the workflow of day-to-day security activities to ensure processes are performed accurately and on time, as well as to identify and resolve process inefficiencies. The candidate is also expected to deliver on tasks assigned in projects.
DUTIES AND RESPONSIBILITIES:
- Perform daily reviews of different security systems and tools.
- Respond to and track vulnerability tasks by patching or suggesting solutions.
- Proactively identify security flaws and vulnerabilities, thinking like both an attacker and a defender.
- Audit systems for secure configuration - users, central logging, etc.
- Continuous vulnerability assessment and remediation using the Qualys Cloud Platform
- System/Network security monitoring with Security Information Event Management tools
- Active participation in Incident Response team meetings
- Plan, implement and upgrade security measures and controls
- Define, implement and maintain corporate security policies
- Continuously review security bulletins and related news; stay apprised of current threats and trends
- Participate in data and root cause analysis for each service-impacting incident, with all possible corrective actions for improvement
- Work in partnership with other teams to improve defensive posture.
- 4-7 years of experience in Corporate IT Security administration or Security Analyst position
- Bachelor’s degree in Information Technology, Information Security, or related field
- Prior experience patching security vulnerabilities on servers, endpoints, or applications, whether onsite or SaaS
- Knowledge of Information Security principles and practices, understanding of security protocols, principles, standards and defense in depth
- Experience analyzing, troubleshooting, and investigating information security incidents from a variety of reporting platforms such as IPS/IDS, DLP, SIEM, and vulnerability monitoring systems
- Knowledge of PKI, VPNs, Firewalls, IDS, TLS, and Incident Handling
- Strong grasp of TCP/IP fundamentals and various operating systems
- Knowledge of VMware and other virtualization products
- Must have exceptional verbal and written communication skills
- Must be able to fulfill periodic on-call responsibilities
- Must be able to work constructively in a team environment
- Working experience in a SaaS company is highly desirable
- ITIL framework and work processes knowledge
- CISSP/CEH/SANS Courses or any IT Certifications will be an added advantage
- Tabletop exercise experience would be an added advantage
- Splunk hands-on experience will be an added advantage
- ISMS implementation background / knowledge will be an added advantage.