Senior Information Security Analyst
Are you passionate about security in the cloud? Are you looking for a place to put your skills in vulnerability management, penetration testing to use on the latest cloud based technologies? If so, Clarabridge is the place for you. We are seeking a Senior Information Security Analyst to join a highly successful team within a fast paced growth company.
The Senior Information Security Analyst is responsible for vulnerability management and penetration testing to ensure administrative, physical and technical safeguards and electronic protection of data, including access control, intrusion detection, virus protection, incident response, and security operations activities.
The incumbent contributes to the development and implementation of security policies and procedures, and works cross-functionally to address vulnerabilities, threats, security gaps, and security and privacy controls. Incumbent assists with analyzing security requests on distributed systems; implementing and supporting security solutions, procedures, and auditing activities. Further, the incumbent shall assist with identifying current and emerging cyber events, cyber threat analysis, along with developing countermeasures with known and/or discovered indicators.
What you'll do:
The Information Systems Security Analyst reports to the Director, Information Security and has the following responsibilities:
- Responsible for application level penetration testing. This includes designing, developing, and conducting internal penetration tests as well as coordinating with third parties to conduct external penetration tests.
- Coordinates vulnerability management, security operations center (SOC), intrusion detection/prevention (IDS/IPS), and cyber and physical threat analysis activities.
- Analyzes information security systems and applications, and makes recommendations and develops security countermeasures to protect information against unauthorized modification or loss of data.
- Working directly with the application development and systems engineering staff to identify, validate, and remedy security issues
- Analyzes and addresses customer security requirements for all business applications existing on a distributed platform.
- Contributes to and/or develops security awareness training (annual, monthly, event specific) for employees and contractors.
- Assists in the evaluation, selection, and installation of security products.
- Identifies distributed systems security issues as they arise and coordinates with appropriate business units and customers to ensure issue mitigation in a timely basis.
- Executes established procedures necessary to continue operations in an emergency.
This position requires or prefers the following competencies for this position:
- Bachelor’s degree with at least five years or associate’s with seven years of experience preferred. Prefer degree in Information Assurance, Computer Science, Information Security, or other IT/security-related discipline.
- Professional certifications (CISSP, Security+ or other security-related) are required.
- Experience with ISO, NIST, HITRUST, SOC auditing desired, and PCI helpful.
- Experience with EU-U.S. Privacy Shield (formerly U.S.-EU Safe Harbor) and other international data protection laws strongly desired.
- Experience with major IaaS (Infrastructure as a Service) providers such as Amazon AWS, IBM SoftLayer, etc.
- Hands on penetration testing experience with tools such as Burp, etc.
- Must have familiarity with OWASP and architectures including systems, networks, and a variety of the security concepts, practices, and procedures.
- Experience with SIEM, security operations center, IDS/IPS, antivirus central management, BCP/DRP activities required.
- Physical security experience is strongly desired.
- Coordination activities with external information sharing and analysis centers strongly desired.
- Experience conducting internal audits and working with internal and external customers.
- Strong communications skills, with the ability to speak to a variety of audiences about complex security matters.
- Able to perform and prioritize a variety of tasks.
Back to top