Position: Information Security Analyst IV
Location: Plano, TX
• The Security Analyst IV will be responsible for senior level information security activities within the company. This position will partner with various IT teams to enhance the company’s risk mitigation practices by providing senior level expertise in securing enterprise technologies. The Senior Analyst will work closely with Information Security management to implement the controls defined in the ISO 27001/2 standard and within company policy. This role will be the lead in all intrusion detection and remediation activities as well as leading the design effort for future state enhancements of the overall program.
Key Roles & Responsibilities
• Provide At Home with senior level information security expertise and guidance in securing enterprise technologies, data, and business practices.
• Perform senior level analysis on security event data as well as managing the company’s security log analysis tools and services.
• Work with fellow team members on managing the current DLP solutions, performing routine evaluations of the current design, and providing recommendations for future-state improvements.
• Take the lead on partnering with IT and other business units in performing internal and external penetration testing of the company’s network.
• Compile and present reports based on security event analysis at both at engineer and executive levels.
• Perform risk assessments against new technologies, services, and practices being evaluated by the company and present findings and recommendations to management.
• Mentor fellow team members on security best practices, use of security tools, and advanced intrusion detection and remediation tactics.
• Work with management to maintain and enhance a security design that is compliant with CSF’s such as ISO 27001 and PCI-DSS.
• Work with fellow team members to manage and maintain the company’s intrusion detection and remediation tools.
• Manage and maintain the company’s security event analysis tools.
• Perform routine inspections of IT assets for compliance with company policy and configuration baselines.
• Perform all other tasks as assigned by InfoSec management.
Qualifications & Competencies
• BS in Cybersecurity, Information Security / Assurance, Computer Science or equivalent.
• At least 8 years of work-related experience in the field of information security.
• Must maintain an active CISSP, GSEC, GCIA, or CEH.
• Extensive experience with data collection solutions such as SIEM, IDS, Anti-Virus logs, DNS logs, etc.
• Senior level knowledge of enterprise network architecture concepts, design principles, and security best practices.
• Ability to perform analysis on collected security related data, compile into meaningful reports, and effectively present the findings to management.
• Demonstrate an understanding of well-establish cyber or intrusion kill chain methodologies.
• Previous experience performing penetration testing on IT systems.
• Advanced knowledge of DLP solutions.
• Experience with DISA STIG, CIS baselines, or equivalent configuration guidance.
• Extensive experience using vulnerability scanning tools such as Nexpose, Retina, Nessus.
• Demonstrate an understanding of one or more well-established common security frameworks or standards such as NIST, ISO 27001, PCI-DSS, HITRUST, or equivalent.
• Must be able to demonstrate advanced understanding of Microsoft and Cisco Security technologies.
• Must be able to demonstrate an understanding of security measures and technologies as they relate to the OSI or DOD OSI model.
• Able to perform risk assessments against access control lists across a wide variety of enterprise technologies such as firewalls, file systems, and physical access points.
• Knowledge of encryption technologies and best practices such as securing data at rest, in transit, and how certificate-based encryption works.
• Experience working with IBM i OS and IBM Power Systems is highly desired but not required.
• Previous work experience in a retail and/or publicly traded companies a plus.
• Familiarity with SOX and SSAE compliance a plus.
• Strong PowerShell skills a plus.