Sr. Cyber Security Analyst

About The Position

Requirements

• 3-5 years’ experience in a combination of information compliance and Information Technology positions demonstrating a progressive growth in responsibility
• Bachelor's degree or equivalent experience in an IT-related or compliance discipline or related work experience
• Direct and recent working experience with the following compliance programs/Information Security Frameworks: ISO 27001, NIST, PCI-DSS
• Proven experience with current IT security and compliance technologies
• Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures, and cloud computing
• Strong background in incident response, intrusion detection or threat intelligence
• Strong working knowledge of TCP/IP networking and common protocols
• Experience with centralized log management tools
• Experience with managing endpoint and server protection technology such as anti-virus/spyware/malware, application whitelisting, and patching tools
• Strong communication skills and the ability to work collaboratively with IT and system administration, Database Administration, and application development staff
• Strong organizational skills to lead multiple highly visible projects

Nice To Haves

• Cyber Security certification preferred (CISSP, OSCP, CompTIA Security+/Pentest+, etc.)
• Experience with application and network penetration testing preferred
• Security experience in a cloud platform (e.g., AWS, Azure, GCP, Heroku, etc.)
• SnowFlake Monitoring and Alerting
• DevSecOps
• Application/System Vulnerability Management
• Microsoft Office 365/Azure native security tools
• Cybersecurity Incident Response experience
• PowerShell, Python, or similar scripting language
• Cato Firewalls
• Endpoint protection software

Responsibilities

• Develop and enforce information security and privacy practices, policies, procedures in a “cloud-first” environment. Ensure proper education and maintenance of regulatory/compliance standards and/or frameworks (e.g. ISO27001, PCI-DSS, etc.)
• Executes vulnerability management tasks including configuration and review of vulnerability scans, maintenance and expansion of related tools, identification of new issues, tracking of remediation efforts and production of monthly metrics.
• Continuous improvement of monitoring and response capabilities, particularly in Cloud-native environments, such as Microsoft Azure, SnowFlake, etc.
• Assist with review audits (e.g. client, regulatory and/or standards based) with business partners as needed to ensure appropriate data sharing, communication and prioritization for dependent resources.
• Comprehend all aspects of Cybersecurity and apply technical application security testing expertise to assist in identifying weaknesses and vulnerabilities that affect the confidentiality, integrity and availability of corporate protected, sensitive, and confidential company information and data.
• Ensures ISMS (Information Security Management System) documentation/policies and procedures stay current and updated.
• Actively engages in the greater information security and privacy community (e.g. peer groups, seminars, conferences, etc.) to help identify new technologies, new techniques and new partners. Demonstrates a positive, proactive, and thought leadership attitude to Virtuoso and its Membership and the greater security community.
• Follow and re-enforce Privacy and Security policies and guidelines.
• Working knowledge of information/cybersecurity, infrastructure vulnerabilities, and network security products (hardware and software)
• Performs information security risk assessments and assists with the daily, weekly, monthly, and quarterly internal auditing of information security processes.
• Experience handling security events/incidents as part of an Incident Response team
• Ensure the integrity and confidentiality of access to designated corporate and customer applications, databases, servers, and other systems.
• Monitors the security infrastructure for policy violations or security events and participates in problem management and forensic activities as needed.
• Assists in responding to client requests including preparation of written audit responses and preparation of evidence.
• Tests and assists with selection and implementation of controls that apply security protections to enterprise systems, processes, and information resources.
• Supports IT security within the system development lifecycle, change management, production systems support and technology-enabled projects (user administration, security logging, secure process flow, security best practices).
• Continuous monitoring and security posture improvement of cloud service technologies, such as Microsoft Azure, SnowFlake and various SaaS apps.
• Working knowledge of Windows/Linux operating systems and web browser behavior, networking, database, systems, and mobile devices.
• Experience with network and/or application pentesting preferred.
• Knowledge of security issues, techniques, and implications across Enterprise client computer platforms required.
• Proven interpersonal and communication skills.
• Strong work ethic; excellent use of discretion and judgment. Excellent written communication skills.
• Strategic thinking and planning abilities required.
• Able to breakdown raw information and undefined problems into specific, workable components that in turn clearly identify the issues at hand.
• Makes logical conclusions, anticipates obstacles, and considers different approaches that are relevant to the decision-making process.
• Effectively meet challenges, influence, and drive consensus within the team.
• Demonstrated problem solving abilities, analytical skills, and proven ability to meet challenging deadlines required.
• Develops and presents finding and remediation reports to audiences including team members from all department areas and levels of the company.

Benefits

• full benefits package, including medical/dental/vision/life
• 401(k) savings plan