Senior Security Analyst

ESSENTIAL JOB FUNCTIONS

• Information Security Management:

o Conduct regular security assessments and vulnerability scans to identify potential risks and weaknesses in our information systems.

o Implement and maintain security controls to protect against unauthorized access, data breaches, and other security threats.

o Monitor security events and incidents, analyze security logs, and respond to security breaches promptly.

o Assist in the development, testing, and enforcement of security policies, procedures, and guidelines.

o Collaborate with IT teams to ensure secure configurations of systems, applications, and network devices.

o Stay up-to-date with the latest security technologies, trends, and best practices to continually improve our security posture.

• Compliance and Regulation:

o Ensure compliance with relevant industry standards, laws, regulations, and contractual obligations (e.g., GDPR, HIPAA, ISO 27001, PCI DSS).

o Conduct compliance assessments and audits to validate adherence to security standards and requirements.

o Prepare reports and documentation for internal and external stakeholders to demonstrate compliance.

o Collaborate with legal and regulatory affairs teams to interpret and implement applicable data protection and privacy laws.

o Provide guidance to internal teams on compliance-related matters and assist in remediation efforts when needed.

• Risk Assessment and Mitigation:

o Identify, assess, and prioritize information security risks based on the potential impact and likelihood of occurrence.

o Develop risk mitigation strategies and recommendations to enhance overall security posture.

o Work with business units to ensure that security measures align with business objectives and are properly integrated into their processes.

• Training and Awareness:

o Conduct security awareness training sessions for employees to promote a security-conscious culture.

o Educate staff on security policies, best practices, and procedures to reduce human-related security risks.

• Testing, Incident Response, and Forensics:

o Conduct application and environment tests for new and emerging security threats and vulnerabilities.

o Participate in incident response activities and support investigations into security incidents.

o Assist in collecting evidence, conducting forensic analysis, and preparing incident reports.

QUALIFICATIONS AND REQUIREMENTS

• Bachelor's degree in Computer Science, Information Technology, or a related field. Relevant certifications such as CISSP, CISA, or CISM are a plus.

• Proven experience in information security, compliance, or a related field.

• Strong knowledge of security frameworks, such as NIST, CIS, or ISO 27001.

• Familiarity with regulatory requirements and privacy laws (e.g., GDPR, HIPAA, etc.).

• Understanding of risk assessment methodologies and risk management practices.

• Experience with security tools and technologies, such as firewalls, IDS/IPS, SIEM, etc.

• Excellent analytical and problem-solving skills with attention to detail.

• Effective communication and collaboration skills to work with cross-functional teams.

• Ability to stay abreast of industry trends and emerging security threats.

• Proven skills in application and environment security, exploit, and vulnerability testing

Relevant Technologies and Skills:

• Experience in Privacy Management and regulation. GDPR, CPRA, CCPA, etc.

• Experience with AWS and Azure Cloud.

• Experience with Firewalls, Load Balancers, WAFs, VPN concentrators.

• Experience with hardening standards for servers, desktops, laptops, networking devices.

• Experience with Pen Tests and Vulnerability Scans.

• Understanding of malware, network threats, attack vectors, incident response.

• Information security issues in an open, highly distributed networked environment.

• Enterprise Intrusion Prevention Systems.

• The secure use and system administration of desktop and server operating systems.

• Internet protocols and data formats such as HTTP, TLS, SSL, HTML, and XML.

• Database technologies such as Elasticsearch, SQL, or Oracle.

• Identification and authentication technologies.

• Knowledge of cloud, container-based and virtualization architectures.

• Encryption techniques, algorithms, and approaches.

Desired

• Higher education or government agency information security experience

• Experience handling and protecting information at a variety of sensitivity levels

• Understanding of laws and standards such as FISMA, GLBA, FERPA, PCI DSS, ISO, and NIST

• Information security certifications such as CISSP, CSFA, CEH, GWAPT, GPEN, etc, a plus