Position Summary The goal of information security is to protect the confidentiality, integrity, and availability of information assets. The information security team is responsible for defining and implementing security policy and standards and continuously monitoring for new threats. The Information Security Analyst is a hands-on technical role, responsible for incident response and security systems. This is an AVP level position within the organization. Currently the Information Security team is in the office 3 days per week (subject to change). Primary Responsibilities The Senior Information Security Analyst is responsible for the evaluation, design, implementation, and administration of security systems, and secure configuration of on-premises and cloud based enterprise technologies. The responsibilities of the Information Security Analyst include:
- Responding to security incidents.
- Administering and supporting both security systems and security capabilities of enterprise technologies including:
- Advanced Endpoint Security
- Cloud Applications
- Email Security
- Network Security - Firewalls, Network Access Controls
- Data Loss Prevention
- Vulnerability Management
- Security Information and Event Management (SIEM)
- Secure Configuration of Operating Systems and Applications (Hardening)
- User Awareness Training
- Assisting with implementation of security projects.
- Researching, developing, testing, and performance tuning solutions to security challenges.
- Evaluating security products and vendors and providing recommendations.
- Performing security assessments of new applications and changes.
Candidate Background
- 4-6 years' experience in a security analyst/engineering role preferably in the insurance or financial services industries; or
- 6-8 years' experience in an IT infrastructure role with a focus on security preferably in the insurance or financial services industries.
- Strong technical knowledge and experience in the following:
- Incident Response
- Advanced Endpoint Security
- Network Security - Firewalls, Network Access Controls
- SIEM
- Email security
- Mid-level technical knowledge and experience in the following:
- Active Directory Group Policy
- Microsoft Azure & O365
- Microsoft 365 Defender
- Windows Operating Systems
- Data Loss Prevention
- Vulnerability Management
- User Awareness Training
- Good understanding of information security standards and regulations applicable to the insurance and financial services industries.
- Bachelor's degree in Information Security, Information Systems, Computer Science, or other related discipline, or equivalent work experience.
- Technical security certifications a plus, such as CISSP, SSCP, CCSP, GIAC.
Compensation Annual base salary for the position is expected to be from $115,000 per year to $145,000 per year. The actual salary will depend on various factors, including but not limited to a candidate's experience and credentials, salary expectations of applicable candidates, and other applicable market conditions. This position also provides applicable employee benefits, as well as eligibility for an annual discretionary bonus.