View all jobs

Senior Security Analyst

REQUIREMENT: Primary duty is the day-to-day operations of the in-place security solutions and the identification, investigation and resolution of security breaches detected/reported by the business; Participate in the planning and design of enterprise security architecture, under the direction of the IT Security Manager, where appropriate; Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate; Participate in the planning and design of an enterprise Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP), under the direction of the IT Security Manager, where appropriate; Review logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices); interpret implications of that activity and devise plans for appropriate resolution; Participate in investigations into problematic activity; Participates in disaster recovery testing; Develops and implements business and IT continuity/recovery strategies; Provides advice and guidance to technical teams in the performance of their duties related to the ongoing design, development and implementation of continuity/security recovery capabilities in the areas of infrastructure (hardware, software, and networks), application development, and data management; Develops Risk Management deliverables including Threat Risk Assessments (TRA), Statements of Sensitivity (SOS), Vulnerability Analysis (VA) and/or Security Gap Analysis evaluating Information Technology Safeguards (ITS) safeguards; Defines Recovery Objectives and Timeframes, including recovery times, expected losses, and priorities; Researches and documents solutions for Intrusion Detection, Secure Networks, User Management and Control Systems, Information Protection Strategies, Recovery Requirements, and Information Technology Security Evaluation Criteria (ITSEC) challenges; Prepares Cost/Benefit Analysis of ITSEC and Recovery Strategies and presents findings to Senior Management; Conducting Threat Risk Assessments using qualitative and quantitative risk analysis methodologies such as annual loss expectancy, estimated annual cost, threat tree analysis, cause-sequence analysis, hazard and operability analysis, interface analysis and consultative, objective and bi-functional risk analysis; Configure and manage enterprise firewalls, including the modification firewall rules, analysing firewall log files and implementing corrective action; Participate in the design and execution of vulnerability assessments, penetration tests, and security audits QUALIFICATIONS: The resource must have a BSc. or equivalent in a related field as well as holding a Certified Information Systems Security Professional (CISSP). The ideal candidate would also have the following: GlAC Penetration Tester (GPEN) and GIAC Web Application Penetration Tester (GWAPT) CISSP PMP Certification Certified Ethical Hacker (CEH) certification Cisco Certified Network Associate (CCNA) certification Security Plus (SEC+) certification Certified Cyber Security Examiner (CCSE) certification Palo Alto Networks Certified Network Security Engineer (PCNSE) certification Payment Card Industry-Approved Scanning Vendor (PCI-ASV) certifications Secret Security Clearance
Powered by