This Information Security Analyst will support the business line in the security of their infrastructure, email, application code scanning, vulnerability assessments and other aspects in the IT security space. They will be required to work closely with corporate security subject matter experts along with senior business and technology service providers to understand their requirements and get appropriate alignment with Corporate Security and Resilience (CS&R).
Primary Responsibilities include:
- Building strong relationships with CS&R as well as other stakeholders within the company
- Assisting in the security monitoring and alerting efforts in the business line
- Assisting in security awareness efforts across the business line
- Supporting, as appropriate with management, the various security integration efforts across the business line
- Supporting deployment and maintenance of security tools and software
- Assisting in developing meaningful security trends and statistics
- Supporting existing and new projects across business line requiring security involvement.
- Providing internal awareness and training to colleagues within the business line regarding security initiatives and threats.
- Supporting data loss prevention and data classification program integration within the business line.
- Supporting maintenance of security processes involving applications, networking, infrastructure.
- Tracking security risk through closure for anything relative to the business line
- 3 or more years of IT Security / corporate security experience
- Understanding of Information Technology general practices
- Understanding of security best practices and how they can be applied
- Ability to write technical documentation and analyze security issues
- Proven verbal and written communication skills with the ability to present technical concepts to non-technical audiences
- Experience adapting and demonstrating flexibility while working in a dynamic environment
- Ability and drive to problem solve and think outside the box
- Knowledge of Active Directory or Identity and Access Management Principles
- Knowledge of common operating systems and networking concepts
- Knowledge of security event monitoring systems and processes
- Knowledge of common server systems and concepts
- Knowledge of common scripting languages (Python, PowerShell)
- Knowledge of SIEM tools such as QRadar or Splunk
- Knowledge of Sophos AV a plus
- Knowledge of Palo Alto a plus
- Knowledge of application security testing tools (SAST, DAST, and IAST)
Education and Certifications:
- BA/BS degree in IT security related field required