Senior Information Security Analyst at SmartBear
Think Bigger. Build Smarter. Create Great Software.
Senior Information Security Analyst
The Sr. Information Security Analyst is responsible for assessing information risk and alerts, supporting and acting as a key member of the team to identify and implement mitigation and remediation actions. They work collaboratively to help mature the security program and implement controls, policies and procedures to ensure confidentiality, integrity and availability of our systems and services.
The Sr. Information Security Analyst will safeguard sensitive and proprietary information and prevent unauthorized access, troubleshoot security issues including but not limited to access control, regulatory compliance (SOX, SOC2), network/telecommunications, handle problems that impact system stability due to security related issues, and administer existing and new security tools according to best practices and compliance guidelines.
What you will be responsible for:
The following statements are intended to describe the general nature and level of work to be performed. These are not to be construed as an exhaustive list of all job duties performed by this role.
- Monitor security risks, analyze vulnerability assessments, and balance security with business rules/needs
- Manage threat management, intelligence analysis/management and statistical analysis of intelligence processes
- Perform ongoing information risk assessments and audits to ensure that information systems and data are adequately protected and meet regulatory and policy requirements
- Implement advance Incident Handling process and procedures
- Monitor and respond to alerts from various detection technologies, including EPP, EDR and SIEM solutions
- Ensure that Information Security best practices and configurations are included in desktop, server, and network configurations
- Work with other IT professionals to resolve fast moving vulnerabilities such as phishing and malware, and monitor and track remediation efforts across the enterprise
- Complete periodic reviews on a number of security platforms to ensure the safety and integrity of the organization's data and systems
- Monitor security vulnerability information from vendors and third parties
- Provide guidance and support to teams as it relates to security best practices
- Assist with the maintenance of up-to-date security policies, standards and guidelines
Skills that you will possess in order to succeed:
- 3+ years of experience
- Ability to work with multiple teams including corporate IT, DevOps, Development, and various non-technical departments to help remediate security issues
- Able to work in a small team and take ownership of issues to ensure they are addressed appropriately
- Technical skills and knowledge including networking principles, CIA processes, how people, process and technology are part of the solution
- Industry knowledge of security and privacy frameworks and recommended controls (NIST CSF, CIS, ISO27001, NIST Privacy etc)
- Performing security incident response and/or investigation
- Experience performing evaluation of networks, systems and applications for vulnerabilities including examining firewall rulesets, current patch levels, and inspecting logs for anomalous entries
- Experience with security services such as firewalls, IDS/IPS, and content filtering
- Experience with data protection & archiving, disaster recovery, business continuity
- Experience with tools including: Vulnerability scanners, Endpoint protection, SIEM
- Ability to create documentation that describes technical details to a non-technical audience
- Knowledge of IT controls, including security concepts and terminology related to applications, databases, operating systems, and IT operations
- Experience with information security, cyber security, and privacy regulations
- Ability & desire to learn new product lines and technologies quickly & efficiently
- BS in Computer Science or IS related field required,
- Base Certifications Examples: CCSP, CISSP, Security+, CISA, GSEC, SSCP
At SmartBear, we focus on your one priority that never changes: quality. We know delivering quality software over and over is complicated. So our tools are built to streamline your process while seamlessly working with the products you use – and will use. Whether it’s TestComplete, Swagger, Cucumber, ReadyAPI, Zephyr, or one of our other tools, we span from test automation, API lifecycle, collaboration, performance testing, test management, and more. Whichever you need, they’re easy to try, easy to buy, and easy to integrate. We’re used by 15 million developers, testers, and operations engineers at 24,000+ organizations – including world-renowned innovators like Adobe, JetBlue, FedEx, and Microsoft. Wherever you’re going, we’ll help you get there. Learn more at smartbear.com, or follow us on LinkedIn, Twitter, or Facebook.