Reporting to the Information Security Director, the Senior Security Analyst works alongside three additional Senior Security Analysts and the Information Security Manager. Collectively, this team is responsible for the ongoing operation of the Firm’s information security program. The Senior Security Analyst is a wide ranging, hands on role encompassing the design, implementation and maintenance of advanced security technologies, performing in-depth security reviews for new projects and technologies, conducting third party risk assessments, and providing frontline response for all security incidents. The ability to communicate effectively with all levels of the business regarding security issues while ensuring that the firm’s information assets are properly protected is essential.Responsibilities
- Act as the primary resource/lead for at least 2 of the Firm’s security platforms (Palo Alto Firewalls, FireEye HX, Symantec EP, CyberArk, Splunk, Varonis, Vectra, Forescout, Forcepoint, Illumio, and others) including design, implementation, and maintenance of those platforms.
- Act as a backup resource for other security platforms in use by the Firm, developing a working knowledge the comprehensive security architecture in order to support those technologies when needed, as well as integrate one’s area of responsibility creatively and effectively.
- Develop scripts using Python, Powershell, Splunk Processing Language (SPL) or other scripting language to automate mundane or time-intensive tasks. Integrate these automation scripts into the security architecture in a transparent and supportable way to augment the teams current abilities.
- Perform front line security incident response as a member of a 4 person on call rotation. Using the Firm’s established processes and procedures, provide timely investigation and resolution to all suspicious email reports, malware instances, and other security events. Develop automation scripts to assist in the team’s incident response effort.
- Using established processes, conduct detailed, written security reviews for vendors, projects, and technologies. The security review process includes conducting initial intake interviews with stakeholders, researching and performing due diligence, using third party risk management tools, conducting risk assessments, and presenting final recommendations for moving forward in a secure manner.
- Throughout the system development lifecycle (SDLC), assess and review the Firm’s current technology infrastructure to identify key risk areas, ensuring that adequate controls are in place to address those risks. Take a lead position to research specific security technologies and controls as requested by senior management.
- Lead efforts to improve cyber threat intelligence (CTI) gathering, analysis, and management.
- As assigned, conduct periodic scheduled processes and procedures such as running vulnerability scans, and periodic privileged access reviews.
- Maintain operational responsibility for the information security team’s ticketing queue, primarily relating to the evaluating and managing tickets requesting policy exceptions.
- Offer insights and collaborate within the team to provide input to strategic and tactical planning, initiatives, and projects.
- Four year degree in computer science or related field, or the equivalent work experience.
- A minimum of 3-5 years of experience in an information technology security role with a total of approximately 10 years of industry experience, or equivalent work experience in other areas of the broader Information Technology field. Information Security certifications are considered a plus (CISSP, CISA, CEH, GSEC, OSCP, CRISC, Palo Alto, Cisco, Splunk, and others). Non-security certifications in Cisco, Microsoft, and Cloud considered.
- Strong scripting abilities preferred.
- This role is highly technical and expertise in at least some of the following is required: Next generation firewalls (Palo Alto) and endpoint tools (FireEye, Symantec), web proxies (Forcepoint), ethical hacking, email firewalls (Proofpoint), SIEMs (Splunk), threat analysis tools, vulnerability scanners, authentication, encryption, authorization, continuous auditing tools/techniques, network segmentation, access control, privileged account management, or other information security tools. Deep understanding of networking and operating systems concepts considered very important.
- This role requires diligent adherence to specified processes and procedures with a professional and consistent end product.
- Experience managing and leading security projects, including defining requirements, developing project plans, and delivering results
- Excellent oral and written communication skills.
- Strong organizational skills to handle multiple priorities.