At Entertainment Partners we help to power Oscar-winning films, Emmy-winning shows, and Clio-winning commercials. Feel the satisfaction of doing work that directly impacts the most exciting industry in the world while fostering a work environment with the nimbleness of a start-up but the stability of a blue chip. EP is poised to redefine and evolve the back-office processes of the entertainment community with security at the core of what we do.
Are you looking for the next opportunity to revolutionize an industry? If so....
We are targeting a Junior Information Assurance Architect (Application Security Analyst) who will support the design, deployment, and day to day operations of company wide Information Systems security technologies as well as programs deployed across the EP technology landscape. The role operates in collaboration with other Technology teams to assess, improve and maintain the overall security posture of application delivery, IT Infrastructure, and the protection of data assets. The role will have the critical function of integrating into the software development communities to ensure Information Assurance requirements and security best practice are addressed as part of the software development lifecycle across EP's application landscape.
• Daily review of system access request, firewall changes, external vulnerability detection and remediation.
• Attendance of designated weekly scrum meetings and participation in the release management review and approval process.
• Provide support and operations of vulnerability management, secure coding best practices, static code analysis, threat modeling, and their integration into the release management process including automation functionality.
• Third party vendor security reviews and ensuring they adhere to our security standards.
• Maintains and develops security requirements by evaluating business strategies and needs; researching information security standards; conducting system security and vulnerability analyses along with risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
• Verifies security of applications and infrastructure by developing and maintaining various security testing methodologies which include vulnerability scanning, internal penetration testing, secure code analysis, and manual review.
• Helps maintains security by monitoring and ensuring compliance to standards, policies, and procedures; developing and conducting training programs.
• Performs detailed risk assessments of key business initiatives and vendors; identifies security gaps and communicates requirements; evaluates and recommends enhancements; performs gap analysis.
• Maintains and augments knowledge by understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; attending security conferences; maintaining personal networks; participating in professional organizations.
• Has knowledge of cloud computing platforms, in particular AWS.
• Understands basic architecture tenants that utilize AWS resources in regard to IAM, Key Management, Encryption at Rest, Security Groups and VPC management.
• Helps coordinate and execute information assurance projects as defined and prioritized in the overall information assurance strategy.
• Evaluates the security posture of company technology as well as any related data assets to ensure internal security controls are appropriate and operating as intended.
• Stays well-informed and current on the latest information security technologies, methodologies, and events.
• Identifies external resources such as vendors, products, or services that may assist in meeting information assurance objectives or promote lower security costs.
• Evaluates and delivers recommendations pertaining to the procurement of security related technology including software, hardware, and services.
• Evaluates and delivers feedback on the potential security aspects or impact of non-security related technology including software, hardware, and services.
• Liaisons with external information security vendors and service providers.
JOB REQUIREMENTS/QUALIFICATIONS NEEDED
• 1 year of direct information security experience in a global IT environment supporting at least 4 of the 10 security domains.
• University degree (or equivalent experience) in Computer Science, Development, Engineering, or another technical field.
• Working knowledge of OWASP principles for protecting modern web applications.
• Basic understanding of CI/CD pipelines.
• Understanding of container technologies, Kubernetes and Docker is a plus.
• Functional knowledge of network technologies including network security focused technologies such as next generation firewalls and web application firewalls in a global IT environment.
• Working knowledge of server technologies including administration, virtualization, Active Directory, Microsoft Exchange, and Citrix in a global IT environment.
• Working knowledge of both Windows and Linux/Unix operating systems.
• Working knowledge of security solutions such as anti-virus, intrusion detection, file encryption, security incident and event management, vulnerability assessment, etc.
• Experience in log analysis and correlation.
• Experience using Microsoft Word, Excel, PowerPoint, Visio, and SharePoint. Microsoft Project, Access, SQL, PowerShell, or scripting experience is a plus.
• Strong customer service, written, and oral communication skills.
• Ability to maintain security as well as confidentiality when dealing with sensitive information for a global environment.
• Ability to prioritize tasks in order to meet deadlines and deliver measurable results.
• Ability to collaborate with team members as well as non-team members to support a multi-site customer base that extends globally.
• Knowledge of desk side and help desk support delivery.
• Experience in developing as well as implementing support and administration procedures.