Position: Cyber Security Analyst
Department: Management
Location: Australia, UK, US
Report to: System Administrator
Summary: The IT Security Analyst is responsible for ensuring that the company's and clients’ digital assets are protected from unauthorized access. This includes securing both online and on-premise infrastructures, weeding through metrics and data to filter out suspicious activity, and finding and mitigating risks before breaches occur. Also, we will responsible for generating reports for IT administrators and business managers to evaluate the efficacy of the security policies in place and help to make the necessary changes for a more secure network, create training programs to educate employees and users on proper security protocols, and be responsible for keeping the company's security systems up to date and creating documentation and planning for all security-related information, including incident response and disaster recovery plans.
Responsibilities:
- Participate in developing an IT strategic plan, evaluate/review existing infrastructure security configuration, and plan recommendations for future enhancements/solutions for environments of 300+ users.
- Conduct accurate network inventory and security assessments through vulnerability testing and risk analysis.
- Perform both internal and external security audits.
- Analyze security breaches to identify the root cause.
- Read, understand, and recommend solutions based on the results of internal and external audits.
- Verify the security of third-party vendors and collaborate with them to meet security requirements.
- Use network monitoring tools and security incident event monitoring to carefully examine network traffic and to identify both external and internal threats to ensure security specifications meet the client’s infrastructure guidelines.
- Work closely with the IT team in designing and implementing a multi-layer security strategy.
- Participate in the execution of disaster recovery testing.
- Provide security expertise to business applications ensuring they are deployed and implemented securely.
- Research and design short- and long-term changes and enhancements to the infrastructure. Ensure the network and systems dependent upon the communications infrastructure operate efficiently and effectively.
- Review access/security logs and reports findings and provide recommendations to the Director of IT.
- Works with various stakeholders and assists in the development and maintenance of the access control matrices as they apply to various applications.
Requested Qualifications:
- Minimum of 3-5 years of IT security experience.
- A Degree must be in Computer Science or a related field (e.g., Cyber Security, Information Technology, Information Assurance, Information Security, Information Systems, Computer Engineering, Systems Engineering, Computer Forensics).
- Should be familiar with a variety of hardware and software platforms with an understanding of core technologies, pertaining to security risks and mitigation, such as TCP/IP, DNS, DHCP etc.
- Experienced implementing NIST Cyber Security Framework (NIST 800-53) and CSC20 controls standards. Knowledge of IT data security compliance programs preferred including HITRUST, SOC 2, HIPAA/HITECH, NIST/CMS, or similar (e.g. FINRA).
- Experience working with networks of 300+ users.
- Efficient with OS Security, Windows & Linux.
- Relevant experience must be in computer or information systems design/development, programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, and/or systems engineering. Network and system administration may account for some, but not all, of the experience.
- Demonstrate experience creating detailed reports of risk findings and recommendations/ roadmap for improvement.
- Must be able to work independently and/or in teams to accomplish stated goals.
- Familiarity with project management or experience participating with longer timeframes a plus.
- Experience with Ethical hacking, Intrusion prevention, Incident response, Computer forensics and Reverse engineering.
Desired Current Certifications:
- Certified Expert Independent Assessors
- CompTIA Security +
- CompTIA Network+
- CWAPT Certified Penetration Tester
- Certified Reverse Engineering Analyst
- Certified Ethical Hacker
- GDPR
- HITRUST Assessors
What we can offer?
- A fun and fulfilling place to work
- Competitive pay.
- Health, dental, vision & life insurance
- 401k retirement savings plan
- Yearly handbag allowance
- Product discounts
- Job Type: Full-time
Benefits:
- 401(k)
- Dental Insurance
- Disability Insurance
- Employee Discount
- Health Insurance
- Life Insurance
- Paid Time Off
- Vision Insurance
Schedule: (Day shift, Monday to Friday)
COVID-19 considerations:
This is an on-site role; however, we adhere to safety protocols to keep all employees safe. Daily temperature checks and masks are required, and team members are working in a distanced manner throughout our warehouses, offices and recording studios.
Experience:
Cyber Security: 7 years (Preferred)
Security Prevention: 5 years (Preferred)