The following three job descriptions are a great fit for me. I came in as one of the top two finalists for one of these where I had two phone interviews, two panel interviews, met with HR and the manager, then met with the manager’s manager over a 3.5 month time frame. Unfortunately, I didn’t get an offer but that just means something better is around the corner.
The ideal candidate will have experience with Information Technology operations and systems administration, logging and alerting systems (SIEM), understanding of networking systems, software development methodologies, and web-application as well as mobile application security principles, and encryption concepts.
- Excellent verbal and written communications (ability to interface with customer organizations)
- Working toward or achieved an Information Security Certification such as CISSP, or GSEC, GISF, GCIH, GCAWN
- 1-3 years’ experience with relevant roles/responsibilities (see below)
- Support access management operations
- Support Vulnerability management process (identifying new vulnerabilities, research and analysis and response).
- Support other business departments with inquiries from internal and external parties, and provide subject matter expertise
- Performing risk assessments and analysis of systems
- Responding to and tracking risks and vulnerabilities
- Recommending security enhancements
- Prepare for and provide support for external and internal auditing and compliance programs (such as SSAE-16, ISO 27001, and customer initiated audits).
- Investigate and document Security Incidents.
- Administer corporate physical security controls (access cards, alarm system, CCTV).
- Support IT operations groups with security guidance for systems and services.
- Administer and enhance corporate Information Security Training program.
- Endpoint protection software
- DLP Solutions and implementation
- Vulnerability scanning tools
- SIEM Systems
- Knowledge of VMWare systems, Citrix systems, Linux systems, and Windows Server 2008 and 2012 administration helpful
- Knowledge of vulnerability scanning and vulnerability management programs helpful
The Security Analyst will be a part of the fast growing security team and will be tasked to ensure the secure operation of REDACTED systems. This position will work closely with the security engineering team to develop procedures and solutions to advance security operations and mature our incident response process. This position’s primary responsibility will be to aid in the management and monitoring of endpoint security, IPS, firewall, data loss, log management, and other security solutions
Fosters close working connections with staff and management to ensure the secure operations for REDACTED applications and infrastructure while acquiring and retaining comprehensive working knowledge of all infrastructure and related systems
Develops and maintains metrics and reports within Splunk related to the institutions information security posture, including vulnerability management, incident alerting and response, intrusion detection/prevention, data loss prevention, encryption, and endpoint and mobile device security
Assists in vulnerability management process and compliance, including threat analysis, vulnerability scanning, mitigation, and reporting
Maintains a strong understanding and documentation of REDACTED’s security systems, their implementations, customizations, and operational procedures
Monitors and defines events for our security event and incident management (SEIM) and log management platform, Splunk Enterprise Security
Assists in developing procedures and solutions to advance security operations and mature our incident response process
Assists with data acquisitions, electronic discovery, and forensic investigations
Performs security operational work in compliance with defined service level agreements and operational level agreements, including firewall change requests, security operational inquiries, security incident reviews, user account management, and other operational processes
Evangelizes security and secure practices while promoting and maintaining a favorable and positive work environment for yourself and others to assist in the overall mission of REDACTED and REDACTED
Assists with day-to-day operations of security systems including, but not limited to, Splunk, Symantec Endpoint Protection, Duo Security, Symantec Data Loss Prevention, Dell Data Protection, Proofpoint, and others
Performs other related duties as assigned.
Knowledge of UNIX and Windows internals, command line, and command line tools
Scripting experience with Ruby, Python, and/or shell
Basic understanding of a variety of incidents and attack vectors, such as network intrusions, web-based attacks, malicious emails, root- and user-level compromises, malware, botnet infections, and other anomalous activity
Problem-solving and decision-making skills and the ability to make decisions independently
Excellent written and verbal communication skills, on both technical and non-technical topics
Bachelor’s degree in computer science, computer engineering, electrical engineering, network security, information security, information technology, mathematics, or similar field of study
One or more years of security-related work or internship experience
Highly Desired Requirements
Strong understanding of logging or security event and incident management systems, such as Syslog, Splunk, etc
Information security certifications, such as Security+, CEH, GIAC, SSCP
Basic understanding of the legal aspects of data acquisitions and electronic discovery
Strong conceptual thinking, verbal, and communication skills
Experience using security tools, such as Metasploit, nmap, Kali, Backtrack Linux, Wireshark, netcat, etc.)
Comfortable working with technologies at all levels of the OSI model
Skill and Abilities
Ability to create and present diagrams and reports for technical and non-technical audiences
Ability to produce professional-level documentation and reporting using Microsoft Office
Ability to think outside the box in terms of designing systems and solutions
Ability to deliver under tight deadlines and work off-hours as needed
Must be able to work in a very demanding and high-pressure environment
Fluency in navigating and using Mac OS X, Red Hat Linux, and/or Windows operating systems
Working Conditions/Physical Demands
No additional working conditions/physical demands provided.
No relocation assistance is provided for this position.
Visa sponsorship is not available for this position.
REDACTED is seeking an outstanding Information Security Analyst to join a lean, agile team of professionals dedicated to keeping REDACTED’s people, information and assets safe and secure. This is a role for a “security generalist” and will provide the right candidate a wide variety of experiences and opportunities to learn and grow.
The person in this role will be a member of the Security & Risk Management team, reporting to the Chief Security & Risk Officer. Security is at the core of REDACTED’s business – our ability to keep our customers’ confidential information under lock and key is vital to our success, making this role a direct contributor to the overall performance of the business.
- Monitor and triage internal security events, responding or escalating as needed.
- Monitor external information sources for new security developments & advisories.
- Develop recommendations/plans to mitigate issues found during monitoring.
- Respond to telephone and email security inquiries from internal stakeholders.
- Participate in responses to security incidents.
- Maintain REDACTED’s vulnerability management infrastructure and track remediation measures.
- Perform security testing of networks and applications.
- Perform data access reviews and periodic recertification for critical systems.
- Assess the security of third party vendors with access to REDACTED systems or information.
- Participate in external audits of REDACTED’s security (pen testing, SSAE16, ISO27001, etc.).
- Manage REDACTED’s Physical Security systems – card access/video, provisioning facilities access.
- The global nature of REDACTED’s business and the 24/7 nature of security threats will occasionally require out of business hours work, ranging from monitoring/answering emails, investigating critical alerts or responding to incidents.
Qualities we are seeking
- A passionate, innovative, creative, motivated security generalist eager to participate in and continuously learn about multiple aspects of security .
- Ability to take a project and run with it – a strong work ethic, organizational skills, perseverance, and the ability to utilize research tools to solve problems – as well as the ability to recognize when it is time to ask for help in surmounting an obstacle.
- Strong written and oral communications skills and the ability to explain security concepts to people of varying levels of security sophistication.
- Strong organizational skills – the ability to prioritize and manage multiple work streams.
- A view that security is a business enabler – we are here not to say “No” all of the time, but to find ways for the business to operate and grow safely.
- Willingness to get one’s hands dirty and deal with some of the less glamorous aspects of security – processes, procedures, physical security.
Skills and Experience
- 2-4 years of information security experience, preferably in financial services or another highly regulated industry such as healthcare.
- Experience responding to security questions and incidents from end users.
- Knowledge of security best practices for Windows desktops and servers, Linux servers, and network devices. Mac workstation security experience is a plus.
- Knowledge of basic web application security concepts and architectures (OWASP Top 10). Experience in conducting web application security assessments is a plus.
- Understanding of TCP/IP protocol suite and the ability to capture and analyze network traffic streams.
- Experience with a variety of open source and commercial security monitoring and testing tools such as nmap, Nessus, OpenVAS, BurpSuite, SIEM (Splunk experience a plus), IDS/IPS, anti-malware, Web filtering etc.
- Knowledge of Python, Perl or other scripting language and the ability to automate repetitive tasks.
- Experience in an organization which has completed an SSAE SOC2 and/or ISO27001 assessment is a plus.
- Knowledge of SQL database security a plus.
- Certifications: CISSP, CEH, GIAC, OCSP are all a plus.