SENIOR SECURITY ANALYST
The Senior Security Analyst is responsible for providing administration and oversight of several security technologies. These responsibilities include configuration, deployment and management of various security hardware/software applications, monitoring and alerting to security threats, and facilitating the remediation of those threats. The security analyst provides services and support across a diverse range of business applications, while adhering strictly to compliance and operational risk controls in accordance with regulatory standards, policies and practices. The position requires a high degree of technical proficiency and familiarity with software, system and network security issues in large enterprise environments.
ROLES AND RESPONSIBILITIES:
- Manage, maintain and monitor multiple security technologies, such as vulnerability scanning solutions, IDS/IPS, anti-virus technologies, DLP capabilities, SIEM technologies, host forensics and malware analysis, web application firewalls and proxy solutions.
- Assess security information, triage and respond to security events, identify false positives, and conduct correlation analysis across numerous internal and external data sources while prioritizing information security incidents.
- Coordinates the handling and resolution of security incidents, including system intrusions and abuse, and acts as a primary point of contact.
- Participates in development and implementation of information security policies and procedures; develops security guidelines and safe practices for company-wide computing and networking systems.
- Reviews, updates, and enforces data security practices within the corporate and restaurant systems environments; tests for exposures to ensure adherence to guidelines and procedures, and works with platform experts to implement remedial measures as appropriate.
- Coordinates and participates in special projects concerning information security, including testing and implementation of security technology enhancements.
- Develop and maintain standard operating procedures to reflect day-to-day security operations.
- Tests security controls and manages the associated remediation of any deficiencies as needed.
- Research and evaluate emerging technologies in support of security technology enhancements.
- Assists in developing responses to internal & external audits, penetration tests and vulnerability assessments.
REQUIRED TECHNICAL SKILLS:
- Minimum 5-7 years in the information security field
- Hands-on experience with mitigating security controls (e.g., anti-virus, IPS/IDS, DLP, web and network proxies, URL content filtering, multi-factor authentication, SSL VPNs) and how they work in an overall defense-in-depth risk assessment methodology.
- Experience in incident response required (e.g., in-depth knowledge of Windows/Unix operating system forensics, event logging systems, authentication methods, remote and local web application security, penetration testing).
- Solid understanding of network, workstation, and server security configuration
- Experience supporting information security design concepts, including testing and implementation of security technology enhancements.
- Knowledge of regulatory compliance requirements (PCI, SOX, PII)
- Must be able to effectively interact with other teams across the organization
- Ability to manage multiple tasks in parallel
- Bachelor’s degree in Computer Science, Information Technology, or a relevant field, or equivalent experience.
PREFERRED SKILLS AND EXPERIENCES:
- Minimum of one current technical certification (e.g., CISSP, CEH, GIAC, GSEC)