Global Information Security Analyst

TalentBurst
Kenosha-racine, WI
17 Feb 2025

Vacancy expired!

Job Description

ENGAGEMENT DESCRIPTION Project or Solution Security Consulting Responsibilities: • Perform security analysis of business solutions and develop security requirements across security domains with the goal of balanced protection of information systems assets, corporate data, and intellectual property based on enterprise security standards and enterprise risk appetite • Conduct threat modeling and technical security assessment of business solution related components and services • Lead the design and implementation of authorization matrix and privileged access management for a given business solution • Develop new security requirements for business use-cases that are not covered by existing security standards based on: o corresponding threat model o enterprise risk appetite o NIST CSF framework o NIST security guidelines o industry best practices and guidelines • Apply, validate, extend existing, and develop new security design patterns based on business and infrastructure use-cases to support standardization and reusability • Collaborate with domain security architects and engineering in development of security design and coordinate integration with enterprise security tools • Document formal project artifacts - business requirements, high-level architecture/design documentation, low-level architecture/design documentation • Provide consulting to the business for vulnerability or penetration test assessment findings • Conduct security readiness assessment of the business solution upon build to ensure all identified security requirements were properly met (e.g. technical, administrative, physical) • Provide general security support and consulting throughout the engagement Security Governance Responsibilities • Develop, document, and socialize security patterns to drive simplification, standardization, and operational consistency • Participate in reviews and development of security standards based on security frameworks (e.g. NIST CSF, NIST 800-53, CIS, ISO 27000) • Stay up to speed with latest developments in security frameworks and industry best practices, and maintain up-to-date knowledge of available enterprise solutions and security capabilities General Responsibilities: • Provide technical and project leadership for IT security solutions o Full cycle engagement and leadership - analysis, requirements development, solution request-for-proposal (RFP) support, design, documentation, implementation, operationalization, and maintenance o Definition of control effectiveness metrics and establishment of on-going visibility and reporting o Integration into product-related lifecycle activities o Development of operational plan for transition of the security solution to run • Evangelize agile culture and DevSecOps shift-left mentality within and outside of information security department • Actively participate in team scrum activities in a hybrid productized and projectized environment • Properly document and manage scrum stories from sprint to sprint, ensuring timely updates • Provide input for development of domain/product-related roadmaps, tactical execution plans with SMART OKRs (objectives and key results), and assist in related activities (e.g. current state documentation, gap analysis, resource estimations) • Focus on self-service, automation opportunities and quality of supporting documentation

COMPETENCIES • 5+ years of experience in security analysis/security consulting capacity • Security certifications - CISSP, addition of CCSP is a plus • Superior written, presentation, and verbal communication skills • Well versed in industry standard frameworks such as NIST, CIS, CSA CCM, Mitre Telecommunication&CK, ISO 27001, OWASP, and other • Prior experience developing information security standards/policies and patterns • Fundamental understanding of identity federation, PKI, virtualization, cloud security reference architectures • Ability to stay up to date on latest threat landscape developments • Ability to present in threat briefings, security demos, and security brownbag sessions on different security topics • Strong oral, written, and presentation skills • Strong analytical and problem-solving skills

Preferred Experience: • DevSecOps and product security • Previous IT or IT security engineering • Experience working in agile or hybrid agile environment • Previous scripting or software engineering experience in C#, Python, GoLang, or similar

TRAVEL REQUIREMENTS: • Racine and Chicagoland area
  • ID: #49263027
  • State: Wisconsin Kenosha-racine 53401 Kenosha-racine USA
  • City: Kenosha-racine
  • Salary: USD TBD TBD
  • Job type: Contract
  • Showed: 2023-02-17
  • Deadline: 2023-04-17
  • Category: Et cetera