IT Security Analyst
Think Bigger. Build Smarter. Create Great Software.
SmartBear helps the world’s most recognized companies develop the world’s best applications. SmartBear has played a role in the ride you ordered, the banking app you use, the item you posted for auction, or that flight you just purchased. SmartBear's award-winning suite of testing software enables organizations to meet frequent release deadlines without sacrificing software quality, all while reducing testing costs. Additionally, our award-winning collaboration software helps development, testing and management teams work together to produce high quality software elevating a business’ ability to communicate and complete objectives more efficiently.
Due to massive growth and market success, SmartBear is continuing to hire employees rapidly to scale our company globally. We are looking for an IT Security Analyst to join our team. Reporting to the Director of IT, the IT Security Analyst will be responsible for increasing information integrity, confidentiality, and availability through the integration of security policies, security awareness, access controls, environmental controls, and the implementation of security-related technology. Responsibilities will include working with the IT team, Development teams, and business units to develop, maintain, and monitor an effective information security program designed to ensure the logical and physical protection of the company’s technical resources, which include data/information, equipment, and software.
Responsibilities
- Support technology and project management as they relate to security team backlog and security hygiene activities
- Facilitate a metrics and reporting framework to track security hygiene activities and measure the capability of the security hygiene program
- Collect, analyze and disseminate security hygiene metrics to the appropriate audience in a timely manner
- Track the security hygiene metrics reviewed and actioned
- Liaise with teams to ensure all security hygiene items are actioned accordingly
- Provide guidance and support to teams as it relates to security best practices
- Maintain up-to-date security policies, standards and guidelines
- Organize information security risk assessment process, including the reporting and oversight of treatment efforts to address findings
- Testing and Remediation: Coordinates the efforts, assist in the responses, and tracks the remediation of Information Security Program Assessments and Risk Assessment. Coordinated internal and external audits related to Information Security.
Qualifications
- Minimum of 1-3 years of real-world IT security and integration experience including datacenter integrations.
- Bachelor’s degree in information systems or related field required. Focus on security strongly preferred and relevant certifications are a strong plus: CCNA, MCITP/MCSE, CCSP, Security+
- Proficient in network security structure and placement of security services such as firewalls, IDS/IPS, and content filtering
- Experience with data protection & archiving, disaster recovery, business continuity and implementation
- Ability to create documentation that describes technical details in a meaningful manner
- Experience working across multiple teams from Help desk, Infrastructure, Legal, and DevOps to Executive Leadership
- Lead security event incident management solutions (SEIM), experience performing security incident response and/or investigation
- Industry knowledge of border testing, security policies, DR procedures & policies, remediation strategies and risk assessment is required.
- Knowledge of industry and best practices from organizations such as International Standards Organization (ISO), Center for Internet Security (CIS and national Institutes of Standards (NIST) is a plus
- Deep understanding of current and emerging threats, vulnerabilities, and attack vectors used to compromise enterprise and critical infrastructure. Prior experience in developing mitigation strategies to combat those risks is required
- Experience analyzing malicious network traffic using packet-level capture techniques
- Experience performing manual evaluation of networks, systems, and applications for vulnerabilities including examining firewall rulesets, current patch levels, and inspecting logs for anomalous entries
- Experience evaluating enterprise network and system architectures to determine recommended security improvements
Preferred Skills
- Knowledge of JIRA is a plus
- Experience with tools like Qualys and Tanium
- Experience with information security, cyber security, and privacy issues and awareness of regulated data environments (e.g. PCI, SOX, FERPA, HIPAA, and COPPA) a plus
- Ability & desire to learn new product lines and technologies quickly & efficiently
- Excellent analytical, problem solving, and decision-making skills, applied with a solution-focused attitude
- Strong written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
- Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism
- Ability to complete work to given quality standards by agreed-upon deadlines
About Us
SmartBear is behind the software that empowers developers, testers, and operations engineers at over 20,000 of the world’s most innovative organizations including Adobe, JetBlue, MasterCard, and Microsoft. More than 6 million people use our tools to build, test, and monitor great software, faster. Our high-impact tools are easy to try, easy to buy, and easy to use. These tools are backed by a team of people passionate about helping you create software that transforms our world. Those tools are SmartBear tools. That team is SmartBear. For more information, visit: http://smartbear.com, or follow us on LinkedIn, Twitter, or Facebook.
SmartBear is an equal employment opportunity employer and encourages success based on our individual merits and abilities without regard to race, color, religion, gender, national origin, ancestry, mental or physical disability, marital status, military or veteran status, citizenship status, age, sexual orientation, gender identity or expression, genetic information, medical condition, sex, sex stereotyping, pregnancy (which includes pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), or any other legally protected status.