Sr Information Security Analyst I
21d ago

Incident Response

  • Respond to computer security incidents according to the security incident process.
  • Provide guidance to first responders for handling information security incidents.
  • Coordinate efforts among multiple departments during response.
  • Provide timely and relevant updates to appropriate stakeholders and decision makers.
  • Provide investigation findings to relevant business units to help improve information security posture.
  • Validate and maintain incident response plan and processes to address potential threats.
  • Compile and analyze data for management reporting and metrics.

Threat Management

  • Monitor information security related Web sites (US-CERT, SANS Internet Storm Center, etc.) and mailing lists (DHS Infrastructure, BugTraq, etc.) to stay up to date on current attacks and trends.

  • Analyze potential impact of new threats and exploits and communicate risks.
  • Perform hunting in logs and security tools for signs of compromise or breach

Vulnerability Management

  • Monitor information security related Web sites (US-CERT, SANS Internet Storm Center, etc.) and mailing lists (DHS Infrastructure, BugTraq, etc.) to stay up to date on current attacks and trends.

  • Interpret penetration results and validate closure
  • Use vulnerability and web application scanners to monitor for vulnerabilities and ensure tickets are assigned and tracked to meet patching SLA
  • Work with solution engineers to test and configure the WAF to patch web server vulnerabilities and prevent breaches
  • Report vulnerability management metrics

Qualifications

  • Three or more years of technical experience in the information security field, preferably in this particular industry
  • Three or more years of practical experience in an incident response role
  • Advanced knowledge of information systems security concepts and technologies; network architecture; general database concepts; document management; hardware and software troubleshooting; intrusion tools; and computer forensic tools

  • Familiarity with security regulatory requirements and standards (such as PCI DSS, ISO 27001 / 2, CSC Critical Controls)
  • Advanced knowledge and experience with the Windows and Linux operating systems
  • Working knowledge of and experience in investigating malicious code and packet captures
  • Demonstrated ability to apply technical and analytical skills in a security environment

  • Ability to work extremely well under pressure while maintaining a professional image and approach
  • Exceptional information analysis abilities; ability to perform independent analysis and distill relevant findings and root cause
  • Strong analytical writing skills to articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports
  • Team player with proven ability to work effectively with other business units, IT management and staff, vendors, and consultants
  • Strong communication skills such as planning and leading effective meetings, conducting structured interviews to collect information, interpersonal and negotiation skills, and presenting to a variety of audiences
  • Advanced skills to present information to stakeholders and / or decision makers in an effective and professional deliverable

Education / Certifications / Others

  • Bachelor’s degree in management information systems, computer science, or related discipline is required.
  • Postgraduate degrees and certificate programs in relevant areas that demonstrate analytical writing will also be considered.
  • CISSP certified / qualified or ability to pursue obtaining these certifications within six months of hire
  • SANS GCIH or GCFA, CISA, CISM, EnCER certification(s) are preferred but not required.
  • Must be able to work the afternoon shift and be on call after hours.