Information Security Analyst (Networking Emphasis)

Standort: Seattle, Washington Gehalt: US$90000 - US$150000 per annum
Bereich: Media & Entertainment Bereich: Festanstellung
Reference #: PR/054829_1539377928

The role of every Information Security team member is to support the overarching values and business goals of the client as they relate to meeting legal and regulatory obligations; protecting member, employee and vendor privacy; and ensuring a technologically secure operating environment.

Information Security Analysts support our tools and projects along with consultative services, work with vendors for product consideration; perform auditing of information system activities; create and maintain documentation related to policies, standards and procedures; and mentor team members with lesser subject matter expertise.

This Analyst position focuses on Networking technology and design along with Logging technologies. Must have recent experience with Networking technologies and understanding of DNS and routing protocols. Must have hands-on, recent experience with logging tools such as Splunk, syslog-ng, or Rsyslog, and Loglogic or Balabit. This position will be a key member of the Information Security team to support and develop tools and projects involving networking and logging technologies. This will involve working with many groups throughout IT and our International IT groups.

Tasks and responsibilities

Ability to work analytically to solve both tactical and strategic problems.
Assesses centralized user and configuration management systems.
Performs and/or coordinates regular security assessments of existing or new infrastructure.
Analysis of network protocols, data flows, architectural diagrams, and/or network traffic flows in conjunction with security zones and/or architectural strategies to ensure secure communication of data.
Recommends alternative solutions to proposed network connections for lowering risk to client while still meeting business needs and objectives.
Performs duties necessary to assist in establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction.
Works with information systems custodians (i.e., department managers, user community and systems administrators) at different levels in the organization to understand their respective security needs and assist with implementing practices and procedures consistent with client's Information Security Policy.
Assists with auditing of information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments.
Partners with other Information Security groups to conduct security assessments on new solutions and systems, periodic security risk assessments on existing systems and identify and/or recommend appropriate security countermeasures and best practices.
Assists in other areas of the department and company as necessary.

Required skills, abilities, and certifications

Experience with networking technologies, such as firewalls, routers, load balancers, and proxies.
Experience with network segmentation and/or security zones for applicable data protection according to data classification.
Willing to share knowledge and assist others in understanding technical and business topics.
Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
Demonstrated experience of "hands on" security knowledge of one or more of the following platforms: Windows, Linux, UNIX, AIX, 4690, or iSeries.
Experience with Threat Modeling, security assessments, and evaluating mitigating controls.
Experience with wireless network and network-based detective controls like IDS, IPS and various SIEMS.
Working knowledge of networking protocols.
Working knowledge of web technologies and cloud computing.
Ability to interpret information security data and processes to identify potential compliance issues.
Ability to quickly understand complicated data flows in order to identify and validate security requirements.
Must be a team player and willing to establish a strong positive working relationship with all areas of the business.
Ability to work effectively, independent of assistance or supervision.
Innovative, creative, and extremely responsive with a strong sense of urgency.
Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers using appropriate language, examples, and tone.

Recommended skills, abilities, and certifications

A Bachelor's degree in Computer Science or a minimum of 3 to 5 years of information systems security or related data processing auditing experience.
One or more professional audit or security certifications such as CISA or CISSP (or equivalent work experience).
Experience with performing vulnerability scans and assessments
Experience performing computer forensics.
Familiarity with SOA governance and policy management best practices.
Familiarity of SDM, SDLC, and project management processes.
Familiarity with Regulatory Compliance and industry standards, such as HIPAA, SOX, and PCI
Familiarity in a DevOps or DevSecOps environment.