The Information Security Analyst performs daily operations, support, and maintenance of all security technologies centric to Network, Perimeter, and Gateway related information security solutions. These areas include but are not limited to, firewalls, remote access VPNs, email gateways, web gateways and proxies, network based intrusion detection/prevention systems, wireless intrusion detection systems, network access control systems, and network forensic systems.
•Evaluate security practices, assess vulnerabilities and develop programs to improve security and mitigate risk;
•Develop and analyze security policies, procedures and technical standards including corporate compliance, security training, and end-user awareness;
•Evaluate existing security technology and infrastructure and propose strategic architecture and direction for information security systems;
•Oversee security of customer hosted services and applications including security requirements and architecture, risk analysis, and periodic / change reviews;
•Participate in security incident triage and response, including working with firewall and device logs, investigating security events, protecting forensic value of data and establishing monitoring and incident reporting and response procedures;
•Assess internal/external application and deployment security and collaborate with application developers to ensure that development methodologies incorporate security policies and best practices;
•Conduct security assessments and make recommendations on data network (LAN/WLAN/WAN/DMZ/Internet), disaster recovery, remote access, network appliances, servers, and directory services security;
•Define and ensure proper implementation of personal computer security configurations and policies including end-point security;
•Select and manage security products, services and vendor relationships;
•Ensure that services provided by other enterprises, including outsourced consultants and providers are consistent with established information security policies;
•Develop and manage the Corporate DR/BC plan
•Provides input into engineering and architectural design reviews, project proposals, and Strategic Planning review sessions.
•Implements and oversees the maintenance and upgrades of the Information Security infrastructure solutions in a qualitative, timely, and cost efficient way.
•Assists in Incident Response activities and ensures timely reporting & remediation of security control gaps and vulnerabilities to the environment.
•Keeping up with evolving risks, new developments in the security industry, and industry best practices in risk management techniques.
•Strong experience with ISO 27001 and/or SAS70 and the ability to advocate these principles in the environment
•Must have some IT knowledge- Understand Change Management/Release Management, Product Development Life Cycle
•Develop and issue information security policies and controls based on ISO 27001 or SAS70 (SSAE16 or SOX are a plus), and other relevant security frameworks
•Develop metrics to measure effectiveness of ISMS
•Manage, monitor, and maintain security policies to ensure they remain current and relevant
•Publish and communicate implementation of policies, standards, and procedures throughout the organization
REQUIREMENTS:
•Bachelors or equivalent experience; preferred Bachelor’s degree in Computer Science, Management Information Systems, Engineering, Mathematics or other related field
•Minimum of 5 years of related experience
•Must be authorized to work in the United States on a full-time basis for any employer and able to pass a background check upon offer
DESIRED QUALIFICATIONS:
•High aptitude for troubleshooting, with a background in enterprise IT operations (network, wintel server, *nix server, desktop, applications, security) strongly preferred
•Strong written communication skills including the ability to develop and write security policies, documentation, and guidelines for technical staff and end users
•Strong verbal communication and collaboration skills - able to work with both technical and non-technical personnel to research and resolve problems
•Strong analytical and reasoning, organizational and project management skills
•Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical problems.
•Ability to work well with others across many organizations including engineering, sales, marketing, finance, customer service, and internal IT departments
•Professional demeanor and strong work ethic
•Strong time management skills and proven ability to manage multiple tasks and schedules
•One or more of the following certificaion designations is preferred:
o GIAC Certified Firewall Analyst - GCFW
o GIAC Certified Intrusion Analyst - GCIA
o Certified Information Systems Security Professional - CISSP
o Other Technical Certifications considered
•eDiscovery industry knowledge a plus
Equal Opportunity Employer -Women/Minorities/Veterans/Disabled.
•Evaluate security practices, assess vulnerabilities and develop programs to improve security and mitigate risk;
•Develop and analyze security policies, procedures and technical standards including corporate compliance, security training, and end-user awareness;
•Evaluate existing security technology and infrastructure and propose strategic architecture and direction for information security systems;
•Oversee security of customer hosted services and applications including security requirements and architecture, risk analysis, and periodic / change reviews;
•Participate in security incident triage and response, including working with firewall and device logs, investigating security events, protecting forensic value of data and establishing monitoring and incident reporting and response procedures;
•Assess internal/external application and deployment security and collaborate with application developers to ensure that development methodologies incorporate security policies and best practices;
•Conduct security assessments and make recommendations on data network (LAN/WLAN/WAN/DMZ/Internet), disaster recovery, remote access, network appliances, servers, and directory services security;
•Define and ensure proper implementation of personal computer security configurations and policies including end-point security;
•Select and manage security products, services and vendor relationships;
•Ensure that services provided by other enterprises, including outsourced consultants and providers are consistent with established information security policies;
•Develop and manage the Corporate DR/BC plan
•Provides input into engineering and architectural design reviews, project proposals, and Strategic Planning review sessions.
•Implements and oversees the maintenance and upgrades of the Information Security infrastructure solutions in a qualitative, timely, and cost efficient way.
•Assists in Incident Response activities and ensures timely reporting & remediation of security control gaps and vulnerabilities to the environment.
•Keeping up with evolving risks, new developments in the security industry, and industry best practices in risk management techniques.
•Strong experience with ISO 27001 and/or SAS70 and the ability to advocate these principles in the environment
•Must have some IT knowledge- Understand Change Management/Release Management, Product Development Life Cycle
•Develop and issue information security policies and controls based on ISO 27001 or SAS70 (SSAE16 or SOX are a plus), and other relevant security frameworks
•Develop metrics to measure effectiveness of ISMS
•Manage, monitor, and maintain security policies to ensure they remain current and relevant
•Publish and communicate implementation of policies, standards, and procedures throughout the organization
REQUIREMENTS:
•Bachelors or equivalent experience; preferred Bachelor’s degree in Computer Science, Management Information Systems, Engineering, Mathematics or other related field
•Minimum of 5 years of related experience
•Must be authorized to work in the United States on a full-time basis for any employer and able to pass a background check upon offer
DESIRED QUALIFICATIONS:
•High aptitude for troubleshooting, with a background in enterprise IT operations (network, wintel server, *nix server, desktop, applications, security) strongly preferred
•Strong written communication skills including the ability to develop and write security policies, documentation, and guidelines for technical staff and end users
•Strong verbal communication and collaboration skills - able to work with both technical and non-technical personnel to research and resolve problems
•Strong analytical and reasoning, organizational and project management skills
•Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical problems.
•Ability to work well with others across many organizations including engineering, sales, marketing, finance, customer service, and internal IT departments
•Professional demeanor and strong work ethic
•Strong time management skills and proven ability to manage multiple tasks and schedules
•One or more of the following certificaion designations is preferred:
o GIAC Certified Firewall Analyst - GCFW
o GIAC Certified Intrusion Analyst - GCIA
o Certified Information Systems Security Professional - CISSP
o Other Technical Certifications considered
•eDiscovery industry knowledge a plus
Equal Opportunity Employer -Women/Minorities/Veterans/Disabled.