IT - Application & Software Development
Saint John, NB
Apr 25, 2018
Senior Information Security Analyst
Job TitleSenior Information Security Analyst
The Senior Information Security Analyst is responsible for planning and implementation of Information Security projects, providing technical guidance for Information Security operations and managed services, ensuring continuous improvement of information security capabilities, and supporting incident management and security monitoring processes and tools. The Senior Information Security Analyst is the primary technical contact for Managed Security Services providers and will work with the Director IT Security to implement the required tools and processes to support Irving Oil’s security requirements.
- Review security-related events, assess risk and validity, and report findings.
- Analyze network traffic to assist in testing new signatures for production deployment to client environments.
- Analyze additional log, forensic investigation procedures, and protocols.
- Demonstrate advanced understanding of business processes, internal control risk management, IT controls, and related standards.
- Facilitate use of technology-based tools or methodologies to review, design, and/or implement products and services.
- Create a learning environment through leadership.
- Work closely with your team to exceed expectations while identifying and mitigating business risks associated with projects.
Incident Response and Investigation:
- Advise and recommend on defensive strategies based on the clients existing technical security controls in relation to their current risk appetite.
- Evidence collection, threat and risk management.
- Incident management methodologies.
- Review security-related events, assessing severity, criticality and priority.
- Manage third party vendor SLAs with an emphasis on quality and accuracy.
Information Security Governance:
- Defining organizational interface processes and procedures, internally and with third party providers.
- Ensuring alignment with IT service management.
- Assist with information security strategic planning and process.
- Enterprise level experience on information security threats including risk assessment and mitigating controls / activities to manage them.
- Experience working with Managed Security Service providers effectiveness, i.e. SLA / SLO incident resolution, reporting to the Director IT Security and senior IT management.
- Experience working closely with IT operations on the implementation of security tools.
- Ability to multi-task effectively.
- Able to make decisions assessing all risk factors.
- Proven experience working collaboratively with IT and other business units.
- Proven ability to balance the reality of an operating environment with security philosophies.
- Good understanding of System Development Lifecycle.
Education and Experience:
- Post-secondary education in computer science, computer engineering, electrical engineering, systems analysis, or a related field of study.
- Certified Information Systems Security Professional (CISSP), GIAC GCIA - SANS Certified Intrusion Analyst, and/or GIAC GCIA - SANS Certified Incident Handler certification(s) an asset.
- 6+ years in IT.
- 4+years in Information Security.
- Good working knowledge of server platforms (UNIX, Windows, etc.), networking, security (firewalls, IDS / IPS, proxy systems, etc.), vulnerability assessments, network architecture.
- Direct experience with SIEM products.
- Experience as an SOC Analyst – ideally working in a CIRT.
- Experience with malware analysis techniques an asset.
- Experience coaching and mentoring others.
- Strong knowledge of security and privacy enhancing technologies such as identify management, application security, and network security technologies.