Senior Information Security Analyst
Position Summary
The goal of information security is to protect the confidentiality, integrity, and availability of information assets. The information security team is responsible for defining and implementing security policy and standards and continuously monitoring for new threats. The Information Security Analyst is a hands-on technical role, responsible for incident response and security systems. This is an AVP level position within the organization. Currently the Information Security team is in the office 3 days per week (subject to change).
Primary Responsibilities
The Senior Information Security Analyst is responsible for the evaluation, design, implementation, and administration of security systems, and secure configuration of on-premises and cloud-based enterprise technologies.
The responsibilities of the Information Security Analyst include:
- Responding to security incidents.
- Administering and supporting both security systems and security capabilities of enterprise technologies including:
- Advanced Endpoint Security
- Cloud Applications
- Email Security
- Network Security – Firewalls, Network Access Controls
- Data Loss Prevention
- Vulnerability Management
- Security Information and Event Management (SIEM)
- Secure Configuration of Operating Systems and Applications (Hardening)
- User Awareness Training
- Assisting with implementation of security projects.
- Researching, developing, testing, and performance tuning solutions to security challenges.
- Evaluating security products and vendors and providing recommendations.
- Performing security assessments of new applications and changes.
Background of Candidate:
Working experience with the following technologies:
- 4-6 years’ experience in a security analyst/engineering role preferably in the insurance or financial services industries; or
- 6-8 years’ experience in an IT infrastructure role with a focus on security preferably in the insurance or financial services industries
- Strong technical knowledge and experience in the following:
Incident Response
- Advanced Endpoint Secruity
- Network Security-Firewalls, Network Acess Controls
- SIEM
- Email Security
Mid-level technical knowledge and experience in the following:
- Active Directory Group Policy
- Microsoft Azure & O365
- Microsoft 365 Defender
- Windows Operating Systems
- Data Loss Prevention
- Vulnerability Management
- User Awareness Training
Good understanding of information security standards and regulations applicable to the insurance and financial services industries.
Bachelor’s degree in Information Security, Information Systems, Computer Science, or other related discipline, or equivalent work experience.
Technical security certifications a plus, such as CISSP, SSCP, CCSP, GIAC.
Requirements:
- 5-7 years’ experience in a security engineering role, preferably in the insurance or financial services industries.
- Experience with AWS
- Bachelor’s degree or higher in Information Security, Information Systems, Computer Science, or equivalent.
- Ability to communicate effectively and professionally, both verbally and written.
- Security certifications a plus, such as CCSP, CSSLP, CISSP, ISSAP, ISSEP, GIAC.
Compensation:
Annual base salary for the position is expected to be from $115,000 per year to $145,000 per year.