IT Security Analyst

We are seeking a highly skilled and motivated Information Security Analyst to join our team. The primary responsibility of this role is to protect our organization's digital assets and sensitive information from unauthorized access, fraud, and cyber threats. The Information Security Analyst will be responsible for analyzing security risks, implementing security measures, monitoring systems for potential vulnerabilities, and responding to security incidents. The ideal candidate should have a strong understanding of information security principles, excellent problem-solving skills, and the ability to work effectively in a fast-paced and dynamic environment.

Reporting to the Director of Infrastructure and Cybersecurity, this role will be to monitor and review cyber security telemetry in a variety of dashboards and tooling, identifying potential malicious activity and responding accordingly in cooperation with the rest of the IT Operations team.

Responsibilities:

● Conduct regular security assessments and risk analyses to identify potential vulnerabilities and threats to the organization's information systems.

● Help maintain and implement effective security policies, procedures, and standards to safeguard the organization's digital assets.

● Monitor network traffic and system logs to identify and respond to security incidents, including investigating and resolving security breaches and incidents promptly.

● Stay up-to-date with the latest security technologies, trends, and best practices to ensure the organization's security infrastructure remains robust and effective.

● Collaborate with cross-functional teams to ensure security measures are integrated into the design and implementation of new systems and applications.

● Conduct security audits and assessments of third-party vendors and partners to ensure compliance with security policies and standards.

● Perform regular vulnerability assessments and penetration testing to identify and address potential weaknesses in the organization's systems.

● Develop and deliver security awareness training programs to educate employees on information security best practices and policies.

● Monitor and respond to security alerts and incidents, including conducting forensic investigations, documenting findings, and implementing corrective actions.

● Maintain documentation of security incidents, procedures, and security controls for compliance and auditing purposes.

Requirements:

● Bachelor's degree in Computer Science, Information Technology, or a related field. Relevant certifications such as CISSP, CISM, or CEH are highly desirable.

● Proven experience working as an Information Security Analyst or in a similar role.

● Strong knowledge of information security principles, best practices, and industry standards.

● Experience with security tools and technologies, such as firewalls, intrusion detection systems, vulnerability scanners, and SIEM solutions.

● Familiarity with network protocols, TCP/IP, and operating systems (Windows, Linux, etc.).

● Excellent problem-solving skills and the ability to analyze complex security issues and recommend appropriate solutions.

● Strong communication skills, both written and verbal, with the ability to effectively communicate complex technical concepts to non-technical stakeholders.

● Ability to work independently and collaboratively in a team environment.

● Strong attention to detail and the ability to prioritize and manage multiple tasks simultaneously.

● Knowledge of regulatory requirements and frameworks, such as GDPR, SOC2, HIPAA, ISO 27001, and NIST.

Preferred Experience:

● Experience collaborating with IT operations and product teams

● Coding experience, python preferred

● Experience with managing Linux systems and services in the Cloud environment

● Log and threat management utilizing SOAR and SIEM

● Disaster recovery Cloud backup and system support experience

● Strong working knowledge of information and physical security in an e-commerce startup environment

● Significant understanding of security and processes Excellent interpersonal skills

● Risk assessment and mitigation: Identify potential data security risks and vulnerabilities, conduct risk assessments, and develop plans to mitigate and manage these risks effectively.

● Data classification and access control:Execute data classification framework and access control mechanisms to ensure appropriate levels of data protection based on sensitivity and user roles.

● Incident response and management: Develop and maintain an incident response plan to promptly respond to and manage data security incidents, including data breaches, unauthorized access, or data loss.

● Security awareness and training: Promote data security awareness across the organization through training programs, communication campaigns, and regular education sessions to foster a culture of security-conscious employees.

● Works with the IT Security and Compliance team to coordinate communications with all departments and levels of management to minimize enterprise risk.

● Assists with Cybersecurity and IT Operations projects.

● Assists IT Management with project planning and goal alignment.

● Strong collaborator and business partner to other departments with demonstrated excellent communication

● Assists with audit processes as needed. Prior exposure to SOC2, ISO 27001, or NIST is preferred.

Preferred qualifications:

● Data security, information security, or related roles

● Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Privacy Professional (CIPP),

● Data security principles, best practices, and industry standards Data protection laws and regulations, such as GDPR, CCPA, or HIPAA

● Network and system security technologies, including firewalls, intrusion detection systems, encryption, and authentication protocols

● Security assessment tools and methodologies

● Experience evaluating host and network forensic reports of electronic media, packet capture, log data analysis, malware triage, and network devices in support of intrusion analysis or enterprise-level information security operations.

● Experience in the consumption, processing, and analysis of tactical Cyber Threat Intelligence (CTI) within an operational environment, supporting monitoring, detection, and response capabilities.

● Experience deploying and analyzing data from technical security controls to include web proxy, firewalls, IPS, IDS, mail content scanning appliances, enterprise antivirus solutions, network analyzers, and other host-based protection solutions.

● Exposure to SDN, Firewalls, Google Cloud and AWS, WAF and CDN experience

● Scripting and alert automation and management

● Good documentation and presentation skills

Benefits

• Excellent health benefits that the company pays for and a 401k with company match.
• Annual Zenni Gift Card
• Interesting projects with opportunities for growth and professional development in a financially stable, successful, growing Company

As of 02/01/2023, the expected salary range for this position is $125,000 to $145,000. Actual pay within this range will be based upon several factors, including without limitation education, work experience, certifications, geographic pay differentials, market conditions, and other business and organizational needs. The Company anticipates that the reasonably expected salary for this position could change in the future and, therefore, the Company retains the right to change, modify, or revisit the salary range for the position for various reasons, including the Company’s business needs.