Senior Security Analyst - Virginia, United States - ABS-CBN

    ABS-CBN
    ABS-CBN Virginia, United States

    2 weeks ago

    Default job background
    Description


    ABS-CBN is considered one of the country's leading media and entertainment companies, with service offerings across the different platforms of media, servicing a wide array of customer segments.


    As an organization, ABS-CBN affirms its mission of being in the service of the Filipino and all of its stakeholders worldwide.

    The company is driven to pioneer, innovate and adapt as it continues to provide information, news and entertainment that connects Filipinos with one another and with their community - wherever they may be.

    ABS-CBN is firmly committed to pursuing excellence.

    Prior to the shutdown of its broadcast operations in 2020, ABS-CBN was the largest television network in the Philippines.

    As a radio broadcast company, it operated 22 radio stations including anchor radio stations in Mega Manila, DZMM and DWRR, in the AM and FM bands, respectively.


    The company delivers television programming outside of the Philippines to over 3 million viewers in North America, the Middle East, Europe, Japan, Australia, Canada, and other countries in Asia, through the internet and the Company's global distribution platform, TFC, using DTH satellite service, cable television channels, IPTV, mobile applications and video streaming services.

    Its offerings are further complemented by subsidiaries focused on other multimedia services such as film production, music recording, telecommunications, and magazine and book publishing.


    RESPONSIBILITIES


    Provide Information Security Senior Level support and expertise in the following areas but not limited to: Governance, Policies, Processes, Vulnerability Management, Incident Management, Network Security, Server Security, Identity and Access Management, End-Point Protection, Application Security, Cyber Incident Response, Data Loss Prevention, User Awareness and Security Audit.


    Responsibilities:
    Conduct Vulnerability Assessment using manual or automated tools and interpret the results.
    Conduct Penetration Testing when required or as necessary.
    Conduct Database and Application Risk Assessment

    Work with the different IT teams in identifying high-risk security issues and recommend appropriate solutions and strategies to mitigate the risks.

    Analyze and provide recommendations for assessments to Internal Audit, VA, and PT among others if done by third party.
    Validate compliance on security requirements based on available standards and best practices.
    Validate remediation activities conducted by network, systems administrators, and application developers.

    Assist in updating the risk treatment plan and collaborating with system owners of their immediate supervisors to maintain security risk levels to acceptable standards based on risk rating.

    Conduct review sessions with the different groups to assess new releases, new security risks, Access Reviews, maintenance and clean-up, security assessment and assurance reports, Standards update, etc.

    Act as level 2 resource for security analyst team
    Perform other routine IT risk and security administrative tasks.
    Be the SME for the different technology and business groups for InfoSec-related matters.

    REQUIREMENTS
    Bachelor's degree/College/University graduate in IT, Computer Science, Computer Engineering, ECE, Programming or related fields
    Minimum 6-8 years of work experience in IT and Information Security field
    2 to 3 years of working experience in application security assessment and penetration testing
    Hands-on experience with vulnerability management systems, preferably Qualys
    Familiarity with SAST/DAST tools, preference will be given to those with hands-on experience
    With experience in programming languages commonly used in web and mobile applications
    Working knowledge of different security architectures, standards, technologies, and concepts such as but not limited to VA/PT, SIEM, DLP for gateway and endpoints, NGFW, UTMs, IPS/IDS, WAF, Cloud Infrastructure, Security Operations Center, Digital Forensics, User Awareness platforms, Patch Management
    Working knowledge of IT Infrastructure such as but not limited to network, systems, applications, etc.
    Analytical, organized, excellent oral and written communication skills.
    Preference will be given to applicants who have active certifications (CEH, CISSP, CISM, Security+, CCNA security, or equivalent)
    Preference will be given to candidates who

    APPLY ONLINE.

    #J-18808-Ljbffr