As a Senior Information Security Analyst, you will be responsible for strategic information security infrastructure design, policy creation and similar areas of enterprise information security. You will also be tasked with technical and administrative security review of IS projects and initiatives with the business units.
- Experience Required: 5 to 10 years
- Experience Desired: Five years+ experience with open source security software and information security specific tools.
- Education Required: Bachelors Degree
- Certification or Licensing Desired: CISSP, GIAC, CISA
- Travel Required: Regional - Daily, Less than 10%
- Design network and application vulnerability assessment programs and testing methodologies.
- Perform technical risk assessments for enterprise systems and report gaps and remediation actions. Analysis includes automated testing using standard tools as well as manual testing and interrogation of web-based applications.
- Design and configure Intrusion Prevention Systems and passive Intrusion Detection Systems. Create and test custom signatures based on emerging threats or business needs. Perform signature updates and reviews and tuning of sensors. Configure automated reporting and develop escalation procedures.
- Configure SIEM (Security Information and Event Management) platforms to include obtaining data from endpoints and network devices and generating reports. Create automated workflow to address security related incidents.
- Perform regulatory compliance audits including SOX, PCI and HIPAA. Report findings and advise on remediation efforts. Assist in preparing business application owners prior to external audits.
- Lead advisement and interpretation of emerging regulations and legal requirements. Research, monitor and advise on emerging security threats and developments that affect business systems or network infrastructure.
- Lead and advise on security related updates for endpoint applications and server applications, as well as vendor-supplied or proprietary security patches. Responsible for coordination with various teams to ensure patches are deployed in a timely manner based on risk assessment to the organization.
- Design and maintain various cryptographic solutions including x.509 based certificate cryptography, PGP/GPG PKI infrastructure, TLS/SSL tunneling solutions, endpoint encryption and other cryptographic solutions on multiple platforms, both at rest and in motion.
- Perform penetration testing on multiple platforms and network environments including wireless (RF), wired, physical, social and the like, following frameworks such as the OSSTMM and ISSAF.
- Review firewall rules and access control lists for appropriate access - this may include port and protocol analysis to best determine scope of access rules.
- Assist in creating and maintaining information security policies, including technical and administrative policies.
- Have availability for 24/7 rotational support.
- Conduct research on new security technologies and products, both open source and vendor proprietary.
At Giant Eagle Inc., we're more than just food, fuel and convenience. We're one giant family of diverse and talented Team Members. Our people are the heart and soul of our company. It's why we strive to create a nurturing environment that offers countless career opportunities to grow. Deep caring and solid family values are what makes us the one of the top work places for jobs in the Greater Pittsburgh, Cleveland, Columbus and Indianapolis Areas. From our Warehouses to our GetGo's, our grocery Stores through our Corporate home office we are working together to put food on shopper's tables' and smiles on their faces. We're always searching for the best part-time and full-time Team Members to welcome to our family. We invite you to join our Giant Eagle family. Come start a lasting career with us.
Posting ID: 601727239Posted: 2021-01-25