AutoNation Headquarters
Position Summary:
The Information Security Analyst's primary responsibilities include retrieving and analyzing data, network traces and other evidence from computers, networks, and data storage devices. The results of the investigations might be used as evidence in a criminal investigation, to resolve a business or legal dispute, or to detect suspicious activity. This work requires the investigator to be extremely detailed in their work and thorough in how the work is documented and tracked, including understanding and following chain of custody requirements for any hardware or mobile storage devices involved. In addition, the Information Security Analyst will act as a Security Operations Center (SOC) analyst handling day-to-day security alert reviews, alert tuning, and security logging improvements.
Organizational Relationships:
The incumbent works with the Information Technology team and the business to support secure information process and technology.
Job Responsibilities:
- Act as a lead on Cyber-Incident response activities.
- Participate as part of the Information Security Operations team. Some after hours and weekend work required.
- Support security operations activities responding to alerts, participating in on call schedule, owning and supporting security tools.
- Analyze logs, identify, recommend, and improve current logging requirements.
- Make recommendations to management on enhancements to existing and new security hardware, software or related tools. Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools.
- Perform risk analysis for corporate functional and technical areas relevant to data security.
- Configure, implement, monitor, and support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) (Host/Network/Wireless), secure file transfer, Data Loss Prevention (DLP), full disk encryption, firewall rule assessments, log management/correlation, secure password storage/retrieval, application whitelisting, vulnerability management, threat hunting, etc.
- Identify security threats and provide recommendations and remediation steps.
- 3 - 5 years investigating and documenting security incidents.
- Experience working with forensics tools (e.g., Splunk, Sentinel, FTK, EnCase, Infocyte, Tanium, et al.) and developing processes.
- Identify and recommend potential areas where existing data security policies and procedures require change, or where a supplement is required to mitigate key security risks. Partner with various business units to enhance security policies/procedures.
- Create and maintain data security documentation, policies, and procedures.
- Assist in the identification, response, investigation, and remediation of potential breaches of and issues surrounding data security.
- Responsible for executing programs for user awareness, compliance monitoring, and security compliance; maintaining information security devices and software; monitoring compliance procedures; and resolving security policy issues.
- Responsible for providing support during off hours in an on-call rotation.
- Provide technical guidance on security/privacy policies and standards development, and act as Subject Matter Expert (SME) to enterprise architects and other technologists.
- Responsible for supporting programs for compliance monitoring, and security compliance; maintaining information security devices and software; monitoring compliance procedures; and resolving security policy issues.
- Perform other job-related functions as assigned.
- Demonstrate behaviors consistent with the Company's Vision, Mission, and Values in all interactions with customers, co-workers, and suppliers.
- Adhere to all company policies, procedures, and safety standards.
- S. Degree required in Computer Science, Information Technology, or related field of study; or any equivalent combination of relevant background, skills and experience.
- 3-5 years' relevant experience in Information Security in medium to large organizations.
- Azure/AWS security experience
- One or more security certifications such as CFCE, CCE, CSFA, CISSP, CISA, SANS GIAC, or relevant security certification(s) required. Additional technology certifications such as MCSE, CCNA/CCNP, PMP, etc. preferred.
- Hands-on experience with two or more of the following: data loss prevention technologies, incident response and remediation, network security services, ethical hacking and vulnerability scanning, firewall and intrusion detection technologies.
- High degree of proficiency in MS Office Suite, Outlook & Internet applications.
- Strong analytical, prioritizing, interpersonal, problem-solving, presentation, project management (from conception to completion), and planning skills.
- Strong verbal and written communication skills.
- Strong negotiation/mediation skills.
- Demonstrated collaborative skills and ability to work well within a team.
- Ability to work with and influence senior management.
- Ability to work in a fast-paced and deadline-oriented environment.
- Self-motivated with critical attention to detail, deadlines and reporting.
Next Possible Position: Senior Engineer, Information Security
Physical Requirements:
The intent of this job description is to provide a representative summary of the major duties and responsibilities performed by incumbents of this job. Incumbents may be requested to perform job related tasks other than those specifically presented.
- Extended working hours may be required as dictated by management and business needs.
- Ability to travel (25%) to multiple facilities as business needs dictate.
- May be required to lift, push, or pull materials weighing up to twenty (20) pounds.
- May be required to sit and review information on a computer screen for long periods of time.
- May require repetitive motions of the hands and wrist related to writing and typing at an electronic keyboard.
Posting ID: 575793384
Posted: 2020-09-24