banner image

Information Security Analyst 19-00013

Call for compensation details
06-14-2019 09:57 PM
Our client a growing specialty retail organization, located in Center City, Philadelphia, is looking to hire an Information Security Engineer. This position will be reporting into the Director of Networking and Security.
The Information Security Engineer will be responsible for developing security standards, maintaining compliance with PCI and SOX requirements, and providing support for the firm's global enterprise network.
Experience in the following areas required:
  • 2+ years Administering, supporting, and implementing Windows client (Windows 7+) and server (2003+) computer systems
  • Knowledgeable in the following concepts/systems:
    • Assessing vulnerabilities on a host
    • Security Information and Event Management (SIEM)
    • Understanding SQL and Oracle databases
    • Windows Services
    • Linux-based operating systems
    • Understanding of PCI DSS and Sarbanes-Oxley (SOX) regulations and auditing procedures
  • 1+ years Administering, supporting, and implementing, security solutions in at least 3 of the following areas:
    • Centralized Log Management
    • Information System Event Correlation
    • Secure E-mail Gateway
    • Host-based anti-malware or HIDS/HIPS
    • Network-based anti-malware or NIDS/NIPS
    • Vulnerability Management and Assessment
    • Secure Configuration Management
    • Network Access Control
    • Incident Management
    • Third Party Information Security Service Assessments
  • 1+ years as a Security Incident Handler or Security Analyst
  • Information Security best practices
  • Writing technical, procedural, compliance, and training documentation to be consumed by IT professionals, upper management, end users, and auditors
Strong Advantage:
  • Bachelor's degree, or foreign equivalent, in Computer Science, Networking, Engineering, or a related technical field
  • A+, Network+, Security+, CCNA certification
  • Information Security Certifications from GIAC, Offensive Security, and/or Information System Security Certification Consortium (ISC)2
  • Understanding and knowledge of threat actor kill chain methodologies
  • Knowledgeable in malware forensics or reverse engineering malware
  • Knowledge of Technical Indicators of compromise sources and applications to information system data
  • Understanding of SANS, CIS, NIST, and/or ISO approaches to Information System Risk/Threat Management
Job Responsibilities:
  • Triage and manage PCI and SOX Audits
  • Research and recommend security technologies and initiatives based on business needs and regulatory requirements (PCI, SOX, etc.)
  • Engineering and Administration of Information Security Tools
  • Development of Correlation use cases based on business needs and emerging threats
  • Develop information security policies and procedures
  • Analyze and respond to information security incidents sourced from the user community, log data, system data, host-based anti-malware systems, network-based antimalware systems, packet analyzers, traffic analyzers, and vulnerability data
  • Proactively identify, assess, and design remediation plan for risks and vulnerabilities in the network
  • Analyzing the current security architecture to identify weaknesses and develop opportunities for improvement
  • Communicate, implement, and maintain security policies and controls
Apply with LinkedIn
Can't find the job you're looking for?
Complete this short form & submit your Resume then we will do the rest
(Permitted file size is 5Mb and file types are: doc, docx, txt, pdf, rtf, xls)
Attach Resume*