The IS Security Operations Analyst is accountable for the execution of global and regional day-to-day security operations, which include but are not limited to incident response, log monitoring and analysis, DNS request management, review of firewall requests, management of network/endpoint security technologies, and change management. Ensures operating environments are maintained to optimal performance and meet defined SLAs.
Has an in-depth understanding of global security standards, security technologies such as intrusion detection and content filtering, threat patterns, security architecture, application architecture, SOX, compliance (PCI, ISO), and Windows and Linux administration. Implements best practices and operational discipline, and integrates appropriate changes as business needs require.
Overall, the IS Security Operations Analyst would demonstrate the following skills:
- Ability to formulate and execute the operational support of the organization’s security posture.
- Expertise or working knowledge with the following tools: Intrusion detection, Endpoint protection (SEP, AMP, Windows ATP, CrowdStrike, Tanium, DLP), Zero-day protection, Firewall management (Palo Alto, FortiGate), other networking technologies like FortiManager, FortiAnalyzer, FortiAuthenticator, etc., Vulnerability management, use of scanners like Tenable, Tenable IO and others, and Security Information and Event Management (SIEM) tools (Splunk, LogRhythm).
- Good understanding of Cloud security such as AWS, O365, Windows Azure, and Azure Active Directory.
- Develop key risk indicators and metrics to mature the security operations group and function
- Develop and grow internal staff skills and understanding of security risks
- Act as the global lead for security operations criteria
- Review and mitigate escalations from a 24x7 Security Operations Center.
- Tune and configure IDS/IPS, vulnerability management, anti-virus, firewall, and application assessment systems.
- Manage day-to-day operations and escalate critical issues
- A Bachelor’s degree in Computer Science, Engineering, or related Science and Math discipline with an IS emphasis is required
- 3 years minimum experience working within an enterprise security program
- 3 years continuous experience in Endpoint Security, Network Security, and Vulnerability Management:
- Hands-on experience with cloud security (Windows Azure, O365, Azure AD, AWS VPC, etc.)
- Endpoint Security Management (Administration, Deployment, Operations) for tools such as Symantec Endpoint Protection, Windows ATP, Tanium, Symantec DLP, Nyotron, CrowdStrike, etc.
- Security Information and Event Management (SIEM) and SIEM tools such as ArcSight, Splunk, LogRhythm etc.
- Firewall administration with products such as FortiGate, Palo Alto, etc.
- Deep technical knowledge in IS technologies; should be the “expert” in operating systems, networking, databases and the international business environment
- New computing architectures and implementation of networked computing structures
- Familiarity with emerging threats and mediation of these risks
- Deep understanding of security risks and threats as they relate to the company’s operating environments
- Infrastructure and Application Design and scaling of large-scale high transaction volume B2B and/or B2C websites with global reach
- Documents security procedures
- Monitors compliance with information security policies and procedures, identifying gaps and communicating to business units where appropriate
- Monitors the internal control systems to ensure that appropriate access levels are maintained
- Demonstrated high competency in the execution of multiple projects
- Strong enterprise security understanding
- Understanding of ITIL and its practical application
- Demonstrated competency in strategic thinking and leadership with strong abilities in relationship management
- Demonstrated competency in managing third party providers in IS operations
- Gained experience in managing resources to meet goals across multiple projects
- Gained experience in leading multi-discipline, high-performance work teams/groups