October 24, 2007

Job Seekers

Looking for a career? You've come to the right place!

Senior Security Analyst

Location: New York, NY
Date Posted: 09-21-2018



Responsibilities
Reporting to the Director of Information Security, the Senior Security Analyst will be responsible for supporting the company’s Information Security programs and initiatives. This position requires the ability to analyze complex application, network, and management systems to ensure compliance with all security requirements. The candidate will provide technical security recommendations and solutions and lead security project implementations, troubleshooting, investigations and assessments. Primary responsibilities include:
  • Manage security events/incidents and work in conjunction with Incident Response Team.
  • Investigate all security incidents and follow up on them until resolution.
  • Conduct internal security audits and perform risk assessments.
  • Conduct third-party vendor security and risk assessments.
  • Perform vulnerability scans on networks, servers, systems and applications.
  • Create weekly security reports including keeping track of information security metrics.
  • Work with consultants and third party vendors as it relates to security services they provide.
  • Manage third party security providers such as SOC, Managed Detection Response, Next-Gen AV and others.
  • Participate in project reviews of information security architectures associated with each initiative.
  • Maintain all related Information Security documents which includes Security Standards, Standard Operating Procedures, Guidelines and others.
  • Implement and maintain Security Incident and Event Management systems (SIEM), Intruder Detection sensors, Next-Gen AV, Web Filtering Solutions, DLP and host based IDS, application white listing solutions, Endpoint Detection Response Technologies.
  • Research new security technologies.


Qualifications
  • 7+ years’ experience in Information Security.
  • Bachelor's degree in Engineering, Computer Science or Information Systems, or significant work experience.
  • Must have certification in information security such as CISSP, CISA, GIAC.
  • CEH or GIAC GSEC certification is a plus.
  • Extensive knowledge of security best practices in regards to computer systems, networks, telecommunications and all associated hardware.
  • Ability to perform technical security audits.
  • Ability to work in a fast paced and dynamic environment.
  • Must possess good communication skills.
  • Must be able to work well in teams.
  • Very strong analytical approach to problem solving and solution development.
  • Ability to manage multiple projects and support functions.
  • Ability to work with outside auditors as it relates to privacy and security auditing situations.
  • Familiar with regulatory compliance such as SOX/HIPAA as well as privacy laws such as GDPR.
  • Familiar with ISO27001 ISMS and other security frameworks such as COBIT.
  • Must be available to report to work on regularly scheduled days and off hours when required.
  • Must be available for off hours urgent e-mails or calls from SOC or Security Incident Response Team.
  • Strong analytical, communication and interpersonal skills.
  • Excellent documentation skills and capable of creating comprehensive security documents and architecture diagrams.
  • Passionate about security and striving to enhance the security posture of the Firm.
  • Experience with the following technologies:
    • SIEM products (such as LogRhythm, QRadar or others).
    • IDS & IPS (Snort, Suricata, SourceFire or others).
    • Cisco ASA, Palo Alto firewalls or others.
    • DLP products (such as Websense, Digital Guardian, GTB or others).
    • Web Filtering products (Websense, Palo Alto, Zscaler or others).
    • Endpoint security products such as CB Defense, Bit9, Microsoft Defender, Symantec or others.
    • Vulnerability scans and penetration tests using Nessus, Rapid7 or others.
    • Forensics analysis using the Guidance EnCase platform or open source tools.
    • Open source security tools (Metasploit, Nmap and others) and network traffic analysis.
    • EDR Solutions such as CB Response, Rapid7, Microsoft Defender ATP and others.
    • Microsoft Windows Servers and Workstations.
    • Microsoft Active Directory.
    • PowerShell scripting ability and other scripting languages.
    • Linux Servers and Workstations.

