The National Association of REALTORS (NAR) is a team of professionals dedicated to providing world-class service to over 1.4 million REALTORS working in the United States and around the world. The real estate industry is fast-paced and fast-changing--each year, our members participate in the sale, lease, and management of billions of dollars in real estate. As in every industry, our members value proposition is constantly being challenged by innovation.
It is our mission to help REALTORS navigate that change and thrive in their careers. We cannot do that without the ideas, passion, and commitment from our talented employees. As our greatest assets, employees are offered their pick of competitive benefits/perks and flexible work options. In 2020, NAR was certified as a Great Place to Work. Our most successful employees are committed to our Core Values, which are:
Putting members first
Advance Diversity and Inclusion
NAR is looking for a high-level Senior Cybersecurity Analyst to join their IT team. Reporting to the Director, Technical Infrastructure, the Senior Cybersecurity Analyst is an exciting role where the new Cybersecurity analyst will play a key role in establishing a formal cybersecurity function for NAR. The role requires an individual to have both hands on as well as strategic experience with managing cyber security within an organization. The role will be responsible for security related to data, websites, emails, as well as educating NAR staff and associations about social aspects of security management. The Cybersecurity analyst will work cross functionally to identify and correct flaws in the company s security systems, infrastructure, and applications while recommending specific measures that can improve the company s overall security posture. As a senior analyst the individual should have ample experience in driving security related projects with in-house as well as consulting project teams.
The ideal candidates will be able to work effectively in a fast-paced setting, bring a fresh perspective to the security and passionate about protecting, defending, and responding to information security related events, and be a collaborative team player.
Duties and Responsibilities:
- Ability to establish and articulate a vision, set goals, develop strategies, execute projects, and track and measure results a must
- Experience developing programs to create and educate employees on security awareness and emerging security threats including social engineering/Phishing required to increase awareness on security practice
- Manages processes responsible for the analysis of and response to security threats (malicious code, indicators of compromise, hacker profiling, zero-day exploits, intrusion logging, etc.) in order to proactively prepare for security events.
- Conducting security assessments through vulnerability testing, pen tests, and risk analysis for the latest vulnerabilities and exploits using a risk-based approach to qualify threats and develop mitigation strategies
- Work with Infrastructure and Application Development teams to ensure ecommerce environment is secure and PCI compliant.
- Lead incident handling processes, e.g. incident discovery, analysis and verification, incident tracking, containment and recovery, incident response coordination and notification
- Perform malware analysis, forensics, and threat modeling
- Prepare security advisories and security information bulletins.
- Develops, implements, and maintains information security and identity management policies, procedures, and systems.
- Proactive monitoring and response of known and or emerging threats against the network and endpoints.
- Continuously improve and makes recommendations to further improve security
- Participates cross-functionally across IT and business tiers(Legal, HR, Finance) to provide consultation on complex security issues.
- Perform web application vulnerability scanning, detection, assessment, and mitigation
- Maintain information security operational metrics (i.e. # of incidents, types of incidents, etc.).
- Takes a leadership role in overseeing security issues, projects, and risk management across the enterprise
- Keep the company's systems up to date and creating documentation and planning for all security-related information, including incident response and disaster recovery plans
- Ensure all company's digital assets are protected from unauthorized access. This includes securing both online and on-premise infrastructures, weeding through metrics and data to filter out suspicious activity, and finding and mitigating risks before breaches occur
- Monitor Cyber Security trends, alerts, and newsletters.
- Document procedures, processes, installations, and other aspects for system maintainability and cross training of teammates.
- Research new security platforms and technologies for future use or to streamline existing processes.
- Monitor system and application security activity and adjust security parameters to provide optimal performance.
- Mentor and guide first level tech support in technology best practices, in addition to participating in peer training and brainstorming sessions
- Other duties, as assigned
- Bachelor's degree in Computer Science, MIS, or related field or equivalent experience preferred
- Minimum of 8-10 years of overall cyber security and compliance management experience including triaging security and intrusion events.
- Minimum of 3 years leading cyber security related projects, working with external vendors and consultants on security related projects
- Experience in IT Security Testing (e.g., penetration testing, web application security assessments, vulnerability assessments and technical security assessments.
- Working knowledge and experience in Cloud, endpoint, server, database, application and network security hardening experience (e.g., design, recommend and implement security hardening technical controls).
- Experience in cyber security, firewalls, network security, information assurance, Linux, UNIX, Windows, security information, PCI audit, and event management (SIEM), application security, security engineering, and security architecture.
- Working knowledge in Azure / AWS / Google Cloud Platform cloud production hosted applications and experience working with SOC, and with one or more scripting languages (Python, Go, etc.)
- Professional security certifications (CISSP, CCSK, Certified Azure Security Engineer, etc.) a plus
- Strong desire continuously to learn latest trends, threats/vulnerabilities in cyber security.
- Detailed, problem-solving, and great organizational skills.
- Excellent communication skills with ability to provide the appropriate level of detail (verbal and written) to both technical and non-technical individuals.
- Results oriented with high attention to detail, ability to multi-task, and meet deadlines in a dynamic, fast-paced team environment
- Highly collaborative and team-oriented