Our client, a leading professional services firm located in downtown NYC, is looking to hire an information security analyst. This position works with the Director of Infrastructure & Security on the maintenance and implementation of the Firm’s Information Security and Management System. The analyst will also monitor information security alerts, threats, and threat intelligence.
- Manage, configure and support on-premises and cloud-based IT security monitoring systems: eSentire, O365/Azure security consoles, Cisco Umbrella and Palo Alto Panorama.
- Review, triage, analyze and remediate information from information security monitoring systems, third-party threat intelligence, and vendor vulnerability information.
- Coordinate vendors performing vulnerability, risk analysis and penetration testing.
- Manage and oversee internal department auditing function (includes review of: user accounts; elevated privileges; patch and security configuration status; and information access).
- Manage maintenance and development of policies and procedures for the Firm’s Information Security Management System (ISMS).
- Participate in the Firm’s Computer Security Incident Response Team and Information Security Forum.
- Participate in client security assessment and review process.
- Extensive knowledge of current security threats, techniques, and landscape.
- Strong understanding of internal control concepts and policies.
- ISO 27001 certification a plus.
- Strong knowledge of Incident Analysis and Response concepts and techniques.
- Working knowledge of IT infrastructure including network devices and architecture, TCP/IP, network protocols, server operating systems, vulnerability scanning, endpoint protection, intrusion detection, firewalls, and content filtering.
- Knowledge of MFA, PKI, Palo Alto, Cisco ASA, IDS/IPS, Kiwi, SolarWinds, Nessus, Windows, Linux/Unix, VMware, forensic discovery, Certificate Authority (CA), Kerberos, SSL, HTTPS, LDAP, Active Directory, Group Policy, DNS, NTFS, SharePoint, Remote Access, Citrix, VDI, ACLs, etc.
- Knowledge of various social engineering and penetration testing approaches/tools for vulnerability identification, enumeration, and exploitation, used to determine the security configuration of networks, systems, and applications.
- Bachelor’s degree, preferably with strong academic record.
- Information Security certification strongly preferred.