Senior Cybersecurity Professional

Job Summary

• We are seeking a highly skilled and experienced security professional to join our team as a Senior Security Analyst.

Key Responsibilities:

• Provide compliance guidance to cloud security offering business units and product teams.
• Support Internal/External ISO 27001/9001, SOC 2, SOC 1, and any new regional assessments requirements (e.g. IRAP) to support business growth.
• Work effectively as part of a geographically distributed team.
• Develop and maintain security operations processes & documentation (e.g., runbooks, operating procedures, Cyber Incident response).
• Maintain event collection environment through health monitoring and logs from Fire Walls, VPN, Email protection, Network Analytics, access control cards system, and CCTV.
• Interact with various security products and platforms, including: O365, MimeCast, WorkspaceOne, Fortinet, Cloud Hosting Providers (Azure, AWS), and others.
• Provide support for implementation and maintenance of SIEM, DLP, endpoint protection, and other security tool alerts.
• Provide hands-on based input of vendor proposals and emerging security technologies and systems.
• Coordinate, track, and manage CEII compliance.
• Provide technical expertise and support to IT management and staff in the implementation of security/protection technologies and network systems/applications.
• Assist with penetration testing and vulnerability management efforts.
• Participate in customer audits and respond to infosec questionnaires as part of the RFP process.
• Participate in incident management activities which include associated investigations, ticket response, communications including periodic tabletop exercises.
• Assist in Risk Management, Vendor Management, and governance of Information Security policies across the company.
• Continuously improve our security practices and processes and keep company and customer data safe across our services and infrastructure.
• Design and build metrics and dashboards to track security incidents, vulnerabilities, risks, and awareness.
• Perform continuous monitoring of the controls including but not limited to:
• Track and Monitor ISO and SOC 2, SOC 1, and overall common control framework, gather and review evidences.
• Vulnerability and hardening compliance scan monitoring, reporting, and reviews.
• Driving vulnerability remediations within prescribed timeframes.
• Inventory management and reporting.
• Vulnerability deviation request processing, tracking, and reviews.
• Plan of Action & Milestones (POA&M) updates and submissions.
• System Security Status reporting.
• Monthly Continuous-Monitoring Metrics reporting.
• Compliance review of Significant change requests.">

Required Skills and Qualifications:

• Minimum 6 years of related experience in Compliance and information security.
• Well-versed in technologies like Windows, Antivirus, Data Loss Prevention (DLP).
• Must have experience in Firewalls, Cloud platforms, and content filtering solutions.
• Must have experience in creating and maintaining security policy documents.
• Good to have experience with regular vulnerability and web application scanning methodologies.
• Crisis management (Incident Management) identification and reporting.
• Network and cloud-based penetration testing experience required
• Incident response experience and prepare relevant security metrics dashboards
• 2-4 years' experience with Firewall, Network, Anti-Virus, DLP, Azure, AWS, and Desktop security administration
• Proficiency with security tools and platforms (e.g., SIEMs, vulnerability scanners, and malware analyzers)
• Familiarity with IDS/IPS systems and endpoint Antivirus and EDR products
• Insider Threat Hunting and Analysis
• 2 + years of professional experience focused on ITIL standards and practices.
• Knowledge of current security standards, including ISO 27001, ISO 9001, SOC2, SOC 1, FERC, CEII, GDPR
• Ability to understand enterprise business computing operations/requirements, and cloud-based cybersecurity services.
• Working knowledge DevOps concepts (e.g., Infrastructure as Code, Deployment Pipelines)
• Must have a general hands-on IT background with the capability and enthusiasm of delving into new technologies.
• Must be willing to work in different time zones.
• Good communication, presentation, documentation skills.
• Collaborate closely with Cloud Ops, IT, and Other functions as a first-line security point of contact within the GRC team.

Benefits:

• Competitive salary and benefits package
• Opportunities for career growth and professional development
• Collaborative and dynamic work environment
• Recognition and rewards for outstanding performance

Others:

• Good to have experience with regular vulnerability and web application scanning methodologies.
• Project Management knowledge and experience are a strong plus.