Information security analyst
capital group
Total years of experience :15 years, 5 Months
maintenance and monitoring of enterprise network security systems, review of performance parameters of infrastructure components including Routers, Firewalls, Switches, and IPS & IDS security logs.
Identify, evaluate, and report on information security risks.
Implement security risk and compliance management, assessment, auditing administration and management of customer’s security infrastructure.
Analyzes and responds to security threats of significant risk from various security platforms and technologies.
Configures tests, manages and upgrades security products and other technologies impacting data security.
Performs network troubleshooting to diagnose more complex network problems.
Supports more complex security platform changes and upgrades.
Analyze the enterprise information security environment and recommending security measures to safeguard valuable information assets.
Performs security reconnaissance on assets, gathering intelligence to identify and respond to potential security threats or vulnerabilities of significant organizational risk or complexity, ensuring appropriate leader notification and threat mitigation.
Reviews threat management systems, appropriately classifying and responding to threats of significant risk.
Coordinates with security monitoring function and provide appropriate intelligence on any significant threats.
Conducts highly confidential more complex cyber forensic investigations, acquiring, collecting documenting and preserving evidence from various forms of electronic media and equipment, alerting leadership as appropriate based on policies and practices.
Confers with executive management and I.T. personnel to identify and plan for security for data, software applications, hardware, telecommunications, and computer installations.
Review computer logs and messages and develop tests on systems to identify and report any possible violations of security.
Works with external service providers and vendors to identify, select, and implement data security, backup and archiving software, hardware, and processes.
Collaborate with vendors and internal departments to develop and implement procedures.
compliance with information security policies, procedures, guidelines, and standards.
• Support the disaster recovery planning, testing, auditing, risk analysis, business resumption planning, and contingency planning, maintenance of the Disaster Recovery Plan and Business Continuity Plan.
• Conduct internal compliance reviews of the information security environment and serve as a consultant for security issues that require immediate resolution.
• Work with third-parties engaged to perform IT-related risk and/or operational assessments such as annual intrusion testing.
• Liaison between the Information Technology department and third parties engaged to provide information security monitoring and/or management services.
• Interpret and disseminate security-related information to upper management and the board of directors in relevant terms, e.g. summary dashboards.
• Facilitate audit and regulatory reviews by gathering documentation or representing facts to auditors and regulators when interviewed.
• Ensures compliance with data destruction methods and the following policy.
• Conducting risk assessments to identify and assess the security risks of new, existing, or proposed infrastructure.
• Analyze security incidents and assist in the escalation of security events in conjunction with the incident response policy/program.
• Implementation of information security training and on-going education to all personnel.
• Monitoring the internal control systems to ensure appropriate access levels are maintained.
• Coordinate annual testing for compliance with emergency preparedness and Disaster Recovery.
• Review internal, external, and regulatory recommendations.
• Conduct disaster recovery planning, testing, auditing, risk analysis, business resumption planning, and contingency planning
• Conducts vulnerability, security configuration, and/or penetration testing assessments of systems and networks and develops and implements solutions for addressing vulnerabilities, threats, and exploits.
• Maintain the Middleware software security and prevent unauthorized access to the applications and administration in compliance with IT security policy.
• Prepare quarterly and annual security awareness communications on the Information Security Management System
• Implementing and supporting Data Migration tools.
• Investigating, capturing, and analyzing events related to cyber incidents.
• Prepares and delivers written and/or verbal briefs including recommendations to senior leadership on the latest threats, alerts, incidents, and improvements.
• Investigating, capturing, and analyzing events related to cyber incidents.
• Planning and directing recovery activities including forensic event analysis, and malware evidence collection and reverse engineering
• Deploying, managing, and troubleshooting firewalls and software-defined or virtual networking security components
• Experience deploying and managing endpoint security.
• Vulnerability and security configuration assessment and scanning
• Administering web proxy, email security, Web Application Firewall, Data Loss Prevention and Access Security Broker technology
• System administration applied to plan and researching and developing security policies, standards, and procedures across multiple platforms and applications.
• Applying security principles, methodologies, and controls to new and emerging technology
• Installing and maintaining Open Source based Tech Stack in production environments
• Performing OS and application up-grades on existing systems
• Provide remote and on-site support for domestic and international customers, including tier III support.
• LAN /WAN product sale support for key accounts of all sizes.
• OS installation, migration, and up-gradation account specified security application deployment, Patch installation, and up-gradation and firmware/license related upgradations
• VERITAS Cluster Management, Client/Server support, network/NFS system administration, and support, OS upgrading, Server rebuilding.
• Disk/Volume Management, San space evaluation, and planning.
• DBA space request Administration and deployment.
• Installation, configuration, and Administration of Netbackup environment.
• Administration of NIS or LDAP environment.
• Middleware server administration, performance tuning, technical and deployment architecture design, development of system integration modules and support.
• Maintain the availability of all production and non-production Application servers, Enterprise service Bus and Messaging middleware as per the defined SLA with the customer.
• Provide 24/7 on-call support for Tier-III operational and business-critical applications in a system administrator role.
• Maintain the Middleware software security and prevent unauthorized access to the application's administration in compliance with IT security policy.
• Proactively initiate and plan the version upgrade & patch management of Middleware software.
• Provide technical support to the Information Systems team in major application deployment designs and planning efforts to arrive at high performance and cost-effective solutions.
• Ensure proper documentation of the system software for ease of quality assurance, testing, operation, and support.
• Investigate reported incidents in operational systems and ensure right patches are applied, tested and promoted to production systems. The will handle configurations, installations, monitoring, testing and support of multiple flavors of UNIX systems.
• Support of version, revision control, & change management practices and procedures.
courses: RHCE- Red Hat Certified Engineer •SCSA-Sun Certified System Administrator •MCSE-Microsoft certified system engineer Professional •CCNA Cisco Certified Network Associate •ITIL V3 certified