Vacancy expired!
The Senior Information Security Analyst is responsible for helping to plan and carry out Denali AI’s information security strategy to achieve company-wide and departmental goals. The Senior Information Security Analyst plays a vital role in keeping the organization's proprietaryand sensitive information secure while recommending specific measures that can improve the company's overall security.
Essential Functions:- Responsible for helping to apply, and developing security standards and best practices for the organization
- Perform security assessments & internal security posture reviews
- Perform vulnerability testing and penetration tests, both via internal tools as well as with formalized vendors
- Assist in company responses to security questionnaires from our customer bases
- Manage, and configure as needed, operational security infrastructure, including SIEM, Data Loss Prevention, anti-malware, encryption, multi-factor authentication, security management in a hybrid architecture using AWS/Azure cloud, and on-premise environments/applications
- Implement and develop mitigation strategies and controls to reduce overall risk
- Monitor, track, analyze, and record incidents to ensure protection from any potential leaks of malicious activity
- Manage Internet & Intranet security-based issues by performing firewall policy audits & reviewing security logs
- Identify control weaknesses, regulatory compliance issues, and potential areas of risk for all segments of the data processing and information technology business and provides management with a remediation plan for such issues
- Prepare recommendations and implement changes to work methods and procedures to make them more effective and/or to strengthen security measures
- Cross-train with team members on all other Information Security initiatives such as general Vulnerability Management, Security Reviews, Security Policy Compliance & Awareness, Customer Engagement & Security Certifications
- Analyzing security breaches to identify the root cause
- Research the latest information technology (IT) security trends
- Help computer users when they need to install or learn about new security products and procedures
- Collaborates with users to discuss computer data access needs, to identify security threats and violations, and to identify and recommend needed programming or process changes
- Uses data encryption, firewalls, and other appropriate security tools and applications to conceal and protect transfers of confidential digital information
- Develops and implements plans to safeguard digital data from accidental or unauthorized modification, destruction, or disclosure; adheres to emergency data processing needs
- Reviews violations of security procedures; provides training to ensure violations do not recur
- Monitors and restricts access to sensitive, confidential or other high-security data
- Modifies security files and applications as able and necessary to provide specialized access, allow new software to be installed or integrated or correct errors
- Performs risk assessments, audits, and tests to ensure the proper functioning of data processing activities and security measures
- Safeguards system security and improves overall server and network efficiency by training users and promoting security awareness
- Determines when to update virus protection systems by monitoring current reports of computer viruses; facilitates or performs needed updates
- Perform accurate and timely analysis and reporting of security of events from a wide variety of technology sources
- Serve as a project manager and lead for developing a security roadmap and individual projects
- Bachelor’s degree in Computer Science or Engineering or related field (or work equivalent)
- 7+ years of experience
- 7 years of total experience in IT
- 5 years in InfoSec
- Certifications that support experience within IT security in one or more common frameworks
- Advanced knowledge of common security frameworks such as SOC 2/3, HIPAA, PCI, GDPR, NIST, etc.
- Advanced knowledge of common & current tools such as Rapid7, NESSUS, NMAP, Kali Linux, ZenGRC
- Complete audits with reputable 3rd parties such as Gartner or CoalFire
- Experience in information security management and related functions such as IT Risk Management
- Ability to align information security policies with business requirements
- Flair for translating information security requirements into IT security controls and measures
- Attention to detail
- Excellent communication skills – both written and oral
- Project management skills and an ability to translate business requirements into technical IT security deliverables
- In-depth knowledge of security protocols and principles
- Critical thinking skills and ability to solve complex problems
- ID: #22168497
- State: Washington Redmond 98052 Redmond USA
- City: Redmond
- Salary: Depends on Experience
- Job type: Permanent
- Showed: 2021-11-04
- Deadline: 2021-12-30
- Category: Et cetera