Information Security Analyst
Director of Engineering
Information Security Analyst
As an Information Security Analyst, you will work as part of Engineering and Network Security team to ensure that information security risks are managed effectively, and prevent security issues from hindering enterprise operations. Through mentoring and working closely with senior staff, the job holder will gain experience and broaden their knowledge, progressing to independent working.
Principally, the candidate will have strong written communication and interpersonal skills, combined with a curiosity, and openness to new approaches. An interest in cyber security and network administration.
The role of the Security Analyst is not limited to, but includes working with the engineering and development teams to:
- Ensure that information assurance is addressed throughout product lifecycles
- Provide risk management advice & develop risk management techniques
- Communicate risk and information assurance matters with other business areas
- Assist in Enterprise Policy and Procedure governance
- Ensure that Enterprise systems maintain a standard security baseline.
- Monitor and analyze alerts from a wide array of security devices and systems (SIEM, Firewalls, IDS/IPS, EDR, Anti-virus, etc.)
- Work with product managers to understand and manage risk for new and existing services
- Ensure that key systems are regularly risk assessed, maintained and improved
- Work closely with development teams to ensure information security controls and assurances form part of the design of digital services
- Ability to investigate breaches of operational security and to take actions to mitigate breaches in future
- Maintain an understanding of the current cyber security strategies
- Provide reoccurring reports for network and host-based security solutions
Skills & Qualifications
Enthusiasm for information security and 0-2 years of related experience. Candidates should have completed an information systems program with an emphasis on security. Additionally Cyber Security certifications such as Security+, CEH, CYSA, or similar are preferred.
- Understanding of threat models
- Working knowledge of Active Directory, DNS, DHCP, Windows Servers and workstations
- Knowledge of Linux based systems
- Experience working with EDR and anti-virus solutions
- Understanding of network components: Firewalls, switching and routing
- Strong research and problem solving skills
- Awareness of information security frameworks
- Ability to deploy and maintain basic network security tools
- Knowledge of cloud technology
- Experience with netflow data and packet analysis
- Penetration testing / Ethical hacking
- Fraud detection and monitoring
- Change management monitoring and enforcement
- Knowledge of web development and related languages, .Net, PHP, JS, CSS, etc.