Senior Information Security Analyst
Quality isn’t just a goal. It’s the whole point.
Our customers are under a lot of pressure to deliver great software. But to compress lifecycles, add features, and compete in a world where ‘every company is now a software company’ is hard. And one mistake can mean their reputation, even future. That’s why it’s our mission to help. At any part of their software development lifecycle (SDLC), we provide the tools and discipline to focus on quality while streamlining their processes. So our customers can create and deploy software that works as designed – especially when it’s needed most. And we’re looking for people to join us.
The Sr. Information Security Analyst is responsible for assessing information security risk and alerts, supporting and acting as a key member of the Security Operations team to identify and implement mitigation and remediation. They work collaboratively to help mature the security program and implement controls to protect the confidentiality, integrity and availability of our systems and services.
The Sr. Information Security Analyst will safeguard company information and data, helping to prevent and detect unauthorized access, troubleshoot security issues, and improve system tuning and stability. They will also be responsible for researching and testing existing and new security tools..
What you will be responsible for:
The following statements are intended to describe the general nature and level of work to be performed. These are not to be construed as an exhaustive list of all job duties performed by this role.
- Monitor security risks, analyze vulnerability assessments, and balance security with business rules/needs
- Manage threat management, intelligence analysis/management and statistical analysis of intelligence processes
- Perform ongoing information risk assessments and audits to ensure that information systems and data are adequately protected and meet regulatory and policy requirements
- Implement advance Incident Handling process and procedures
- Monitor and respond to alerts from various detection technologies, including EPP, EDR and SIEM solutions
- Ensure that Information Security best practices and configurations are included in desktop, server, and network configurations
- Work with other IT professionals to resolve fast moving vulnerabilities such as phishing and malware, and monitor and track remediation efforts across the enterprise
- Complete periodic reviews on a number of security platforms to ensure the safety and integrity of the organization's data and systems
- Provide guidance and support to teams as it relates to security best practices
Skills that you will possess in order to succeed:
- 2+ years of experience
- Ability to work with multiple teams including corporate IT, DevOps, DevEngineering, and various non-technical departments
- Ability to identify challenges as opportunities to make an impact
- Ability to work in a small team and take ownership of issues
- Technical skills and knowledge including networking principles, CIA processes, threat hunting techniques, and security concepts.
- Industry knowledge of security and privacy frameworks and recommended controls (NIST CSF, CIS CSC, ISO27001, NIST Privacy, GDPR, etc)
- Performing security incident response and/or investigations
- Experience performing evaluation of networks, systems and applications for vulnerabilities including examining firewall rulesets, current patch levels, and inspecting logs for anomalous entries
- Experience with security services such as firewalls, IDS/IPS, and content filtering
- Experience with data protection & archiving, disaster recovery, business continuity
- Experience with tools including: Vulnerability scanners, Endpoint protection, SIEM
- Ability to translate technical details to a non-technical audience
- Knowledge of IT controls, including security concepts and terminology related to applications, databases, operating systems, and IT operations
- Experience with information security, cyber security, and privacy regulations
- Ability & desire to learn new product lines and technologies quickly & efficiently
Education Requirements:
- BS in Computer Science or IS-related field required
- Base Certifications Examples: CCSP, CISSP, CISM, CompTIA Security+, CISA, GSEC, SSCP
About SmartBear
At SmartBear, we focus on your one priority that never changes: quality. We know delivering quality software over and over is complicated. So our tools are built to streamline your process while seamlessly working with the products you use – and will use. Whether it’s TestComplete, Swagger, Cucumber, ReadyAPI, Zephyr, or one of our other tools, we span from test automation, API lifecycle, collaboration, performance testing, test management, and more. Whichever you need, they’re easy to try, easy to buy, and easy to integrate. We’re used by 15 million developers, testers, and operations engineers at 24,000+ organizations – including world-renowned innovators like Adobe, JetBlue, FedEx, and Microsoft. Wherever you’re going, we’ll help you get there. Learn more at smartbear.com, or follow us on LinkedIn, Twitter, or Facebook.
SmartBear is an equal employment opportunity employer and encourages success based on our individual merits and abilities without regard to race, color, religion, gender, national origin, ancestry, mental or physical disability, marital status, military or veteran status, citizenship status, age, sexual orientation, gender identity or expression, genetic information, medical condition, sex, sex stereotyping, pregnancy (which includes pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), or any other legally protected status.