Data Security Analyst 9/15/2016
National General Insurance Company
Description
A Security Analyst detects and prevents cyber threats to an organization with a primary directive to keep attackers out. Each day, the Security Analyst seeks out weaknesses of the company's infrastructure (software, hardware and networks) and finds creative ways to protect it. The Security Analyst is responsible for analyzing data and recommending changes to management (not authorizing and implementing changes). The Security Analyst will work with Security Administrators, whose primary role is to ensure that systems are working as designed (i.e., make changes, apply patches, set up new admin users, etc.).
The Security Analyst must continually adapt to stay a step ahead of cyber attackers. They must stay up to date on the latest methods attackers are using to infiltrate computer systems and on IT security. The analyst will research new security technologies to help decide what will most effectively protect the organization. This may involve attending cybersecurity conferences to hear firsthand accounts of other professionals who have experienced new types of attacks, reading trade journals, or attending local ISA/ISACA/InfraGard chapter meetings.
* Plan, implement and upgrade security measures and controls
* Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction
* Maintain data and monitor security access
* Perform vulnerability testing, risk analyses and security assessments
* Conduct internal and external security audits
* Anticipate security alerts, incidents and disasters and reduce their likelihood
* Manage network, intrusion detection and prevention systems
* Analyze security breaches to determine their root cause
* Recommend and install appropriate tools and countermeasures
* Define, implement and maintain corporate security policies
* Train fellow employees in security awareness and procedures
* Coordinate security plans with outside vendors
* Assess vulnerabilities; determine and initiate the required remedial action
* Conduct examinations of computers, system logs, applications and networks security events
* Provide reporting on security exposures, including attempts and/or misuse of information assets and noncompliance
* Verify protection levels against end user threats as they relate to desktops, laptops and mobile devices
* Identify new threats and evaluate mitigation actions
* Identify and resolve root causes of security-related problems
* Serve as a resource for in-house information security risk assessments
* 60%: Researching and monitoring for cyber risks
* 15%: Triaging and responding to found risks and incidents
* 25%: Reporting on risks and SME support to initiatives
* 3+ years of experience in security administration
* 1 to 2+ years' experience in security analyst roles
* B.S. in Computer Sciences or equivalent experience.
* CEH, ECSA, GSEC/GCIH/GCIA - GIAC, CISSP certifications desired.
* Demonstrated knowledge of HIPAA, PCI, SOX, ISO27000, NIST Cybersecurity Frameworks.
* IDS/IPS, penetration and vulnerability testing
* DLP, anti-virus and anti-malware
* TCP/IP, computer networking, routing and switching
* Firewall and intrusion detection/prevention protocols
* Windows, UNIX and Linux operating systems
* Network protocols and packet analysis tools
* C, C++, C#, Java or PHP programming languages
* Cloud computing
* SaaS models
* Security Information and Event Management (SIEM)
Design and Deploy
Assists in the planning, design and implementation of security measures created to safeguard access to resources, enterprise networks, computer systems, web applications, and data elements. Anticipate threats and address security incidents across production and corporate environment. Identifies emergent vulnerabilities, evaluates associated risks and threats, and designs network vulnerability scans to identify security vulnerabilities and provides remediation alternatives to the organization. Leads the evaluation of vendor proposals, new and existing security designs, and emerging security technologies and systems.
Monitor, Detect, Respond and Maintain
Monitor security events and conduct regular reviews of log files, platforms, products and services. Stay current on the latest threats, countermeasures, and regulations that may affect the organization. Participate in the response, investigation, resolution and root cause of security incidents. Conduct daily, weekly, and monthly proactive maintenance activities.
Assess and Remediate
Provide ad-hoc penetration testing as necessary for defects/issues identified by the industry.
Risk Management and Compliance Support
Assist in the enforcement of information security policies and standards, and provide assistance with the implementation of such policies and procedures throughout the enterprise.
Leadership and Strategy
Serve as the information security SME / awareness training liaison by providing guidance and consulting to IT infrastructure and application development teams, internal and external auditors, regulatory compliance, legal and business units on matters related to information security. Demonstrated experience with creating and communicating reports regarding vulnerabilities and risks to various levels of personnel within a large organization.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.