Information Systems Security Analyst II
This person will be a technical resource with the ability to work as part of an enterprise-level security team to identify, alert, and resolve security issues. This role will be responsible for providing security advice, insight and recommendations concerning security tools to align with corporate policies.. This role will also provide backup support for other aspects of the security team including reviewing and responding to tickets in the security queue, analysis and development of the integration, testing, operations, and maintenance of information systems security, and identifying opportunities to enhance corporate or business security.
Roles & Responsibilities:
- An understanding of technologies implemented at Clayton and how the security tools impact the enterprise
- Experience with the security tools and techniques utilized within the Clayton environment
- A working knowledge of
- Web application security (testing and common vulnerabilities)
- Managing and implementing security controls required for compliance (PCI, etc.)
- System monitoring, assessment and reporting tools (SolarWinds, Nessus, SEIM)
- PC hardware and software, Windows and Mac Desktop Operating Systems,
- Networking concepts
- System monitoring, assessment and reporting tools (Splunk, IDS, email monitoring and other system.
- A general understanding of firewalls and perform reviews of firewall changes (Cisco, Palo Alto)
- Ability to research, evaluate and provide recommendations on new processes and technologies to enhance Clayton’s Information Security program
- Participate in the creation and maintenance of security documentation (policies, standards, baselines, guidelines and procedures)
- Ability perform incident response activities including the identification, containment, eradication, and resolution of security issues
- Ability to perform or support the execution of various security reviews
- Ability to support the deployment, integration, and initial configuration or enhancements of security solutions in accordance with standards and best practices
- Have an eye for anomalous activity; making things work in unusual or unexpected ways
- Approach ideas and processes from a curious and skeptical viewpoint
- Have the proven ability to pick up detail-intensive tasks quickly
- Understand security concepts and how they apply to network security and secure architecture
- Perform on-call support on a rotating basis with other members of the Security team.
- Maintain detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the identification and resolution of vulnerabilities and threat vectors.
- Other duties as assigned
- Experience – minimum 5 years in IT related roles; Security and Technical Services experience required.
- Coursework, exposure to, and/or Certifications such as CISSP, CISSM, Comp TIA Security+, OWASP Top 10 or Certified Ethical Hacker are beneficial
- Have a proficient level of knowledge concerning information security concepts
- Familiarity with managing security controls and compliance (PCI, etc.)
- Familiarity with network security and aspects of secure architecture
- Strong team player, willing to work with a team of professionals to accomplish goals
- Demonstrate an aptitude for complex problem solving
- Thoroughness and attention to detail in work product and accompanying documentation
- Strong analytical and problem solving skills
- Strong oral and written communication skills
Bachelor’s degree in Information Technology from an accredited university