Sr. IT Security Analyst

Job Description

Title: Sr. IT Security Analyst

Reports To: Director, IT Security Operations

Location: Pittsburgh, PA

American Eagle is a youth culture brand grounded in denim. Our purpose extends beyond making the best jeans-we embrace self expression, culture, optimism and connection. Through the brand platform Live Your Life, we empower our community to be who they want to be all while wearing the clothes that make them most confident.

Get to Know the Role:

Our Senior IT Security Analyst, within the Security Operations group, ensures proper configuration standards are met and sustained in compliance with security policy, procedures, standards, and industry requirements/best practices.

You will have the opportunity to implement and maintain cybersecurity controls including endpoint detection and response, identity protection, data loss prevention, security automation, application security testing, next generation firewalls, container security and automated compliance tools. Additionally, you will get to perform cybersecurity monitoring of American Eagle Outfitter's cloud environments ensuring proper monitoring coverage that correlates with internal security operations and processes. If you want to focus on building secure solutions in a dynamic retail environment and are passionate about using your analytical skills to solve meaningful problems, AEO has a phenomenal opportunity for you.

What You'll Do:

• Configure, implement, monitor and support cybersecurity systems and controls supporting.
• Configure security tools for logging /monitoring, and growing coverage of existing tools.
• Make recommendations to management on enhancements to existing and new security software or related tools.
• Assist in evaluating, planning and implementation of new/existing security applications/tools that integrate with current toolsets.
• Help implement and maintain next-generation enterprise protection tools malware detection technologies.
• Ensure security standard methodologies are identified and integrated into all facets of projects including network, system designs/configuration, and implementations.
• Identify and recommend potential areas where existing data security policies and procedures require change, or where a supplement is required to mitigate key security risks.
• Partner with various business units to enhance security policies/procedures.
• Create and maintain data security documentation, policies, and procedures.
• Configure, implement, monitor, and support network security software/systems that will help ensure compliance with CSA Cloud Controls Matrix in cloud environment.
• Responsible for providing support during off hours for security.
• All other duties as assigned.

What You Bring:

• Bachelor's degree or equivalent work experience required.
• Five years of enterprise cloud (IaaS, PaaS, SaaS) experience, IT cloud security experience preferred.
• Experience with Endpoint Detection and Response and Identity Protection.
• Experience with data loss prevention tools including implementations for endpoint and cloud environments.
• Experience with deception technologies including design, implementation and management.
• Experience with cloud security posture management (CSPM) and cloud workload protection (CWP) tools.
• Experience with Google Cloud Org Policies and/or Azure Policy and/or AWS Service Control Policies.
• Deep knowledge regarding clouding networking, such as routing, traffic filtering (firewalls), load balancing, etc... for Google Cloud Platform VPCs and/or Azure VNETs and/or AWS VPCs.
• Experience with container security including actual container workloads and Kubernetes engine.
• Experience working IaC, such as Terraform and/or Azure Resource Manager templates and/or AWS CloudFormation Stacks.
• Experience in hardening Google Workspace tenants.
• Experience with Microsoft Active Directory, Azure AD and other cloud identity technologies.
• Strong ability to critical think and solve problems.
• Experience with threat detection and incident response in cloud and on premise environments.
• Advise stakeholders and translate business requirements into secure, scalable, and reliable cloud solutions.
• Complete security reviews and assessments with developers, operations, and infrastructure teams.
• Partner with system engineering / DevOps to assess and reduce cloud security risks.
• Assist with documentation of organizational security standards, processes, and governance model.
• Knowledge of host hardening, auditing, logging, monitoring, network security, and anomaly detections.
• Understanding of industry trends for cybersecurity risk & threat intelligence, and governance.
• Assist with implementation and improvements of Cloud Security Operations capabilities within existing organizational support structure.
• Assist with configuration of sending cloud logs to SIEM tool and creating rules for alerting on suspicious events.

Nice to Have:

• Proficiency in ML frameworks, data analytics, and automation scripting.
• Ability to interpret AI findings and conduct proactive threat hunting.
• Understanding of AI risk frameworks (e.g., NIST AI RMF, ISO 42001).
• Specialized in defending against AI-powered threats, such as deepfakes and advanced phishing.
• Familiarity with Next Generation SIEM platforms.
• Application Security Testing tools including static, dynamic, interactive and software composition analysis.
• IT Security certifications, such as CISSP, GIAC, etc. are preferred.
• Direct hands-on experience designing and implementing security with Google Cloud Platform and/or Microsoft Azure and/or AWS for both IaaS and PaaS offerings.
• Cloud certifications, such as CCSP, AWS CSA, Google Cloud Professional, Microsoft's Azure Solutions Architect is preferred.
• Experience with DevOps and CI/CD tooling.
• Experience in hardening Microsoft Office 365 tenants.
• Knowledgeable with CSA CCM security framework and CIS Benchmarks for Cloud.

Perks: Why You'll Love it Here

• Generous employee discount
• Summer Fridays
• Casual dress code
• Hybrid schedule
• FOMO events (Exciting company-wide events)

AEO, Inc. is an Equal Opportunity Employer.

PAY/BENEFITS INFORMATION:

• Actual starting pay is determined by various factors, including but not limited to relevant experience and location.
• Subject to eligibility requirements, associates may receive health care benefits (including medical, vision, and dental); wellness benefits; 401(k) retirement benefits; life and disability insurance; employee stock purchase program; paid time off; paid sick leave; and parental leave and benefits.
• Paid Time Off, paid sick leave, and holiday pay vary by job level and type, job location, employment classification (part-time or full-time / exempt or non-exempt), and years of service. For additional information, please click HERE.
• AEO may also provide discretionary bonuses and other incentives at its discretion.

#LI-CH1

About Us

Get to Know AEO

American Eagle Outfitters, Inc. (NYSE: AEO) is a leading global specialty retailer with a portfolio of beloved apparel brands including American Eagle, Aerie, OFFL/NE by Aerie, Todd Snyder and Unsubscribed.

Rooted in optimism, inclusivity and authenticity, AEO's brands empower every customer to celebrate their unique personal style by offering casual, comfortable, timeless outfitting and high-quality products that are made to last. In addition to a robust e-commerce business, we operate stores in the United States, Canada and Mexico, with merchandise available in more than 30 countries through a global network of license partners.

At AEO, we believe in the power of our people and our brands. Our Better Together culture creates a mutual desire to succeed-inspiring our community to excel, while driving future growth for the business and associates. Through experience, exposure and education we empower associates to build their unique career journey.

Inclusion, Diversity, Equity and Access at AEO

We remain committed to building an inclusive culture that is welcoming and fosters a sense of belonging for everyone. Please see more about our initiatives here.

AEO is an Equal Opportunity Employer and is committed to complying with all federal, state and local equal employment opportunity ("EEO") laws. AEO prohibits discrimination against associates and applicants for employment because of the individual's race or color, religion or creed, alienage or citizenship status, sex (including pregnancy), national origin, age, sexual orientation, disability, gender identity or expression, marital or partnership status, domestic violence or stalking victim status, genetic information or predisposing genetic characteristics, military or veteran status, or any other characteristic protected by law. This applies to all AEO activities, including, but not limited to, recruitment, hiring, compensation, assignment, training, promotion, performance evaluation, discipline and discharge. AEO also provides reasonable accommodation of religion and disability in accordance with applicable law.

Applications will be accepted until the Apply Before date (if applicable), but may be extended based on applicant volume.