Information Security Analyst

About The Position

Requirements

• 3+ years of experience in a dedicated Information Security Analyst role.
• Comprehensive understanding of Linux and Windows, Containers (K8s), and protocols (TCP/IP, SSL, LDAP, RADIUS, SAML and REST API).
• SOC/NOC experience is essential. Working knowledge of information security control technologies including vulnerability management, SIEM/log management, access control, Firewall, EDR and WAF related technologies such as IPS, antivirus, DLP and FIM etc..
• Hands-on experience with FortiSIEM, FortiAnalyzer, and FortiSOAR (or equivalent enterprise SIEM and SOAR tools) are required.
• Hands-on experiences on vulnerability scanners such as Nessus, Burp or other similar tools are required. Be able to apply CIS benchmark to hardening the Linux and Windows servers.
• Quick learner and independent research ability
• High responsibility and time sensitive on duties
• Effective communication skill
• Target driven and efficient working style
• Strong organization and time-management skills
• Keen attention to details
• Bachelor's degree in Computer Science, Information Security, Electrical Engineering or related field;
• A certification in one or more of the following is strongly desirable: NSE, CISSP, CCSP

Nice To Haves

• Working knowledge and experience on public cloud security and CNAPP tools such as AWS GuardDuty, Inspector and Lacework are desirable.
• Familiarity with programming language of Python/Jinja and HTML/JavaScript and capability to develop SOAR automation playbooks or scripts will be highly valued.
• Previous experience on system-level security evaluation and consulting, reporting of 0-day vulnerability on any service/system is a valuable asset.
• Knowledge and experience working with various information security frameworks (ISO/IEC 27001, NIST 800-53, etc.) and regulatory frameworks (HIPAA, GDPR, etc.) are desirable.

Responsibilities

• Work with services operations team and R&D to protect Fortinet private services and cloud infrastructure.
• Conduct security monitoring on and vulnerability scan to our Management Information System and FortiGuard system worldwide.
• Analyze security event and leverage SOAR to automate triage and resolution.
• Lead the cyber security incident response lifecycle—from initial investigation and countermeasures to recovery and post-mortem analysis.
• Work with service operation teams to maintain up-to-date asset inventory, perform regular hardening using CIS Benchmarks to ensure compliance with ISO27001.
• Participate in risk assessment, internal and external audit and disaster recover drill.

Benefits

• We offer a supportive work environment and a competitive Total Rewards package to support you with your overall health and financial well-being.
• Benefits eligibility starts on your first day of hire and comprises of 100% company paid medical, dental, and vision coverage, including a Health Spending Account and a Personal Spending Account that gives you flexibility to spend where you need it the most.
• Our Employee & Family Assistance Plan (EFAP) offers you and your family access to various services like counseling, legal advice, mental health resources etc.
• We also provide critical illness, disability, and life insurance, as well as a Group Registered Retirement Savings Plan (RRSP) with a company match to help you save faster for retirement.
• We offer competitive Paid Time Off and flexible leave policies, including paid health days, to help you take care of yourself and your family members.
• All roles are eligible to participate in the Fortinet equity program.
• Bonus eligibility is reviewed at time of hire and annually at the Company’s discretion.