Information Security Analyst - Ogden, United States - Chromalox

    Description

    RLI is a different kind of company.

    It's a place where talented people can experience an entrepreneurial culture and the energy it fosters. They have the freedom and the authority to do things their way, the resources to help make it happen and a share of the rewards when they succeed.

    We are currently seeking a talented Information Security Analyst who will be responsible for assisting with the administration of RLI's vulnerability management program and maintaining the Sarbanes-Oxley and PCI DSS compliance programs. This person will also assist in a variety of projects for recommending, designing, implementing, and administering pragmatic information security controls that meet dynamic, tactical, and strategic information security objectives.

    PRINCIPAL DUTIES AND RESPONSIBILITIES

    1. Identify security issues and risks associated with security events and manage the incident response process.
    2. Perform network and system forensics in response to security incidents.
    3. Develop and implement remediation plans based on identified security events.
    4. Conduct risk assessments and penetration tests, and diagnose internet/extranet security, intrusion attempts, and cyber-crime response.
    5. Perform project tasks on select security projects including development of requirements, evaluation of competing products, selection and implementation of products.
    6. Assist in developing responses to internal & external audits, penetration tests and vulnerability assessments.
    7. Recommend and coordinate the application of fixes, patches, & recovery procedures in the event of a security breach.

    Required Skills

    • Knowledge of information security best practices, technologies and concepts.
    • CISSP certification recommended. GPEN and GWAPT certification is preferred.
    • Demonstrable experience with industry-standard security technology and assessment tools.
    • Experience performing information security assessments, monitoring security systems and responding to incidents within complex environments with distributed systems.
    • Knowledge of information security frameworks (e.g. NIST, COBIT and ISO 27000).
    • Knowledge of security and regulatory standards (HIPAA, SOX, PCI, etc.).
    • Strong knowledge of common operating systems (Windows, LINUX, UNIX) and authentication (Active Directory).
    • Ability to use a wide range of security technologies including, but not limited to: SIEM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, and vulnerability scanners to identify and remediate security events.
    • Ability to protect cloud-based and distributed infrastructures.
    • Knowledge of emerging technologies and their impact on security architectures: service-oriented architecture, enterprise frameworks, message-based information exchange, etc.
    • Ability to use analytical methods in complex business processes to find workable solutions.
    • Ability to communicate findings and recommendations to internal and external contacts on business process matters.
    • Ability to apply a strategic perspective to improve Security functions.

    Required Experience

    Requires a bachelor's degree in computer science, computer information systems, management information systems or a related field and 2-5 years of experience. In lieu of education, 5-8 years of experience is required.
