Overview: The Information Security Analyst will be responsible for analyzing security events, conducting vulnerability assessments, identifying threats, reporting security findings and recommending corrective actions to the relevant operational teams. The analyst will be granted access to industry-leading security tools and, together with the other Infosec team members, will be responsible for their administration and maintenance. The ideal candidate must be able to work independently and have solid project management skills.
The key responsibilities of the role are:
Review and analyze alerts and logs from server hosts, firewalls (FW), Intrusion Detection Systems (IDS), antivirus (AV), User Behavior Analytics (UBA) and other security threat data sources.
Maintain the SIEM/log management solution, including data collection, aggregation and regular exception reporting, the Network Hierarchy, Content Extensions, version upgrades and patches.
Assist with the hardware and software upgrade of the SIEM (QRadar) appliances, deployment expansion and the migration from the on-premises solution to the cloud.
Assist with threat management tasks, including threat hunting, threat intelligence feeds and the implementation of QRadar apps that support this operation.
Manage security operations across all brands by analyzing and/or escalating security events found internally or reported by Managed Security Service Providers (MSSPs) to our IT and business partners.
Monitor and distribute security notifications in adherence with the established notification / security information sharing protocols.
Assist with the formulation and distribution of information security metrics that demonstrate security coverage and remediation effectiveness.
Assist with the review of network and application vulnerability scan alerts and reports.
Identify and resolve false positive findings in assessment results.
Work closely with Qualified Security Assessors (QSAs) and business teams to identify requirements for PCI DSS compliance; follow up on outstanding audit findings, document new or updated applications and/or technology infrastructure elements, etc.
Monitor and maintain compliance with all applicable configuration standards.
Required knowledge and skills:
Technical expertise in system security vulnerabilities and remediation techniques, and in network and web-related protocols (e.g., TCP/IP, IPsec, HTTP, TLS, DNS).
Technical expertise in security engineering, cloud computing (AWS/Azure), system and network security, authentication and security protocols, cryptography, and application security.
3-5 years of hands-on experience administering QRadar SIEM and using it as a security analyst.
2-3 years of experience with vulnerability scanning and web application testing tools.
Strong understanding of data security and regulatory standards, including the Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley (SOX) and the NIST Cybersecurity Framework (CSF).
Strong critical thinking and problem-solving skills.
Excellent written and oral communication skills.
Ability to understand business needs and a commitment to delivering high-quality, prompt and efficient service to the business.
Typical Education and Experience:
BS in Computer Science, Information Security or a related field.
3-5 years of experience in information security, especially in an analyst role on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or Security Operations Center (SOC).
Industry certifications such as CISSP, CISM, CISA or CEH are considered a plus.