Job
Description
Job Title: Information Security Analyst (InfoSec Analyst) Location: Remote Job Type: Fulltime YoE: 12+ years relevant experience Shift: 2 to 11 pm IST Description: The Information Security Analyst is responsible for the defining, planning, and monitoring of security measures for the protection of computer networks and information. This individual will also be responsible for monitoring and analyzing network security hardware and software and assist in the development and enforcement of network security policies. This position will work within the legal department and report to the Director, Head of the Security, Compliance, & Risk (SCR) department. Duties and Responsibilities: The following duties are normal for this job. These are not to be construed as exclusive or all-inclusive. Other duties may be required and assigned. Defines, maintains, and reports on overall computer network security strategies (Best Practices/Common Practices) with all information assets connected to the Vaco network. Must have the ability to communicate security policies and strategies to people of varying technical ability both verbally and in written format. Monitors operation of, and provides reports on, perimeter security systems such as firewalls, routers, proxy servers, intrusion detection and protection systems. Monitors operation of, and provides reports on, end point security systems such as anti-virus, patch management and vulnerability assessment tools. Monitors operation of, and provides reports on, security information and event management (SIEM) systems. Must have the ability to examine a variety of data sources to correlate events and determine courses of action. Participates in the incident response process when network anomalies are discovered and drives the incident process to completion. Manages relationships and coordinates operational activities between Vaco and external security services providers (e.g., Managed Security Services Providers, Penetration Testers, Solution providers, etc.). Coordinates vulnerability remediation activities and works with the IT operations section to mature the patch management lifecycle based on vulnerability management Service Level Agreements (SLAs) defined by the SCR function. Creates and publishes daily/weekly/monthly/quarterly/annual incident management reports as requested/required. Desired Competencies and Skills: Knowledge of SIEM systems Knowledge of Intrusion Detection Systems/Intrusion Protection Systems Knowledge of networking and firewall appliances Knowledge of Information Security standards (International Organization for Standardization 27000 series, National Institute of Standards and Technology, HITRUST) Knowledge of a variety of vulnerability management solutions Strong verbal and written communication skills. Project management and organizational skills Educational Requirements: Bachelor’s degree in Computer Science, Information Technology, Information Security or Electrical Engineering preferred, with at least two (2) years of experience of Information Security experience. One of the following certifications is required: Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); GIAC certifications and/or Certified Ethical Hacker (CEH); CompTIA Security+. Any equivalent combination of education, training, and experience which provides the requisite knowledge, skills, and abilities for this job may be considered. Travel Requirements: 10% -Occasional travel to onsite offices or vendor conferences may occur
