Job Title: Senior Information Security Analyst
Our client, a global leading provider of financial services in the entertainment industry, is looking for a Senior Information Security Analyst to lead program maturity efforts and initiatives on an enterprise-wide level. In this role, you will work with operations and engineering departments to assess information risks and facilitating vulnerability remediation.
As Senior Information Security Analyst:
- You will carefully identify patterns of technical security issues and weaknesses, and design solutions to prevent future recurrences
- You will provide technical security training for both business and IT groups
- You will stay current with information security skills and processes, and transfer these to others where appropriate
- You will also make recommendations to the business, IT partners, and third parties on remediation and verify remediation activities
In addition, you will:
- Run security tests on websites, infrastructure, and applications using automated and manual commercial or open source tools
- Develop system designs and project plans with fitting security controls in partnership with project teams and system architects
- Report security issues on a technical and executive level
- Design, document, and implement processes, procedures, guidelines, and solutions that meet security standards
- Function as primary incident response handler and guide IT and other departments during security incidents
- Implement, maintain, and monitor information security program(s) into in-scope operational areas
- Ensure that the program aligns with company strategy, fully supporting its execution
What Gets You the Job?
- 7+ years’ comprehensive information security experience
- 3 years’ application security testing and vulnerability testing experience
- 2 years’ secure software development experience
- 2 years’ hands-on experience with UNIX and infrastructure security
- Proficiency with cloud platform and mobile technologies including associated security risks
- Strong familiarity with evidence preservation, corrective action, and preventive actions
- Ability to perform gap analysis, risk assessment, third-party assessments, procedure/specification development, execution of recurring procedures, and incident response
- One or more security certification is preferred: CEH, CISSP, CISA, IT/Security Vendor Certifications (e.g. Cisco, Microsoft, RSA, CHFI, EnCE and ACE, GIAC/GSEC, GIAC/ GCIA, GIAC/GCIH
- Working knowledge of IT management frameworks such as ISO/IEC 27001, ITIL, COBIT, NIST (audit and SOC2 is a plus)
- Familiarity with NAC and DLP technologies
- Proven experience with security hardening techniques for Server OS (Windows, Unix and Linux), databases (MySQL, Oracle, MS SQL) and application servers (Apache and Tomcat)
- Functional knowledge of computer, systems and network architecture including operating systems, virtual environment, and networking protocols
- Experience implementing and providing support for security technology including log management, code analysis tools, IDS, IPS, HIPS, AV, Packet Capture, Encryption, etc.
- Experience with F5 Load Balancers and/or Palo Alto firewalls is a plus
- Entertainment industry experience is nice to have
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.