Cyber Security Analyst
Company: H E B
Location: San Antonio
Posted on: November 10, 2018
As an Information Security Analyst, you will work with key H-E-B information system personnel to architect secure critical infrastructure solutions and services. Responsibilities include: designing security solutions in accordance with industry standard architecture frameworks, and coordinating enterprise-wide security programs to meet regulatory compliance.
Do you have a:
HEAD FOR BUSINESS... the willingness to maintain / gain new technical knowledge?
HEART FOR PEOPLE... the ability to present complex technical and security-related info so it's easily understood by many?
PASSION FOR RESULTS... the ability to advise on development / acquisition projects to ensure the best security-related outcomes?
RESPONSIBILITIES INCLUDE:
Management:
- Develops security configuration and operations standards for security systems and applications to include policy assessment and compliance tools, network security appliances, and host-based security systems.
- Recommends, develops, implements, trains on, and interprets Info Security control patterns, designs, procedures, policies, guidelines, and standards, including the IS awareness program.
- Collaborates with business leaders to develop solutions that balance security and business needs.
- Generates and maintains administrative documentation, such as architecture diagrams, admin manuals, and operational procedures and processes.
- Assists Project Manager in developing project plans, specifying goals, identification of risks, contingency plans, and allotment of resources for each phase of the project.
- Monitors and drives project results against technical specifications.
Security / Administration:
- Performs security administration services for enterprise security systems including but not limited to: Public Key Infrastructure (PKI) and certificate management, Key Management Systems (KMS), Security Information and Event Management (SIEM), Identity and Access Management, Web content filtering, Vulnerability Scanners, Static and Dynamic Code Analysis.
- Responds to information security requests, incidents, and trouble tickets according to a defined SLA.
- Participates in an on-call rotation for information security and resolves service outages within SLA.
- Conducts periodic security testing of controls (penetration tests, vulnerability analysis, etc.).
- Leads incident response teams, including performing forensic / investigation services.
- Participates in disaster recovery and business continuity efforts.
- Develops security processes and procedures. Supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.
- Plays an advisory role in application development or acquisition projects to assess security requirements and controls, and to ensure that security controls are implemented as planned.
- Reports to H-E-B management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
- Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
- Maintains job knowledge by participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations.
- Serves as primary individual responsible for execution of risk assessment activities, analyzing the results of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategies.
- Provides monthly, quarterly, and ad-hoc strategic and operational risk reporting and analytics for trending, risk assessment, compliance, and active exception reporting.
- Determines security requirements by evaluating business strategies and requirements; researches information security standards; conducts system security and vulnerability analyses, and risk assessments.
- Researches, evaluates, and recommends information security-related hardware and software, including developing business cases for security investments.
- Develops solutions by analyzing information requirements, determining systems architecture, components, and technologies, and by studying business operations and user-interface requirements.
Auditing / Compliance:
- Manages and coordinates internal and external audits, including but not limited to PCI DSS and HIPAA.
- Performs physical site assessments of business partners, provides peer review of work product and deliverables; executes release of information analysis to third-party business partners.
- Bachelor's degree or 5 years relevant work experience.
- 5 years of experience working full-time as an Information Security Professional.
- At least one professional security certification such as CISSP, CISA, CEH, applicable SANS programs. Other industry certifications (e.g., Cisco, Microsoft, VMware) preferred.
- Experience securing UNIX, Linux, and Windows systems
- Experience performing vulnerability assessments and penetration tests.
ISSEC3232
PREFERRED EXPERIENCE:
- Experience securing Web Application Servers such as Apache, Tomcat, and Microsoft IIS
- Experience securing various database technologies
- Experience developing information security standards.
- Experience performing vulnerability assessments and penetration tests.
- Experience with risk and threat model development.
- Knowledge of DevOps (CI/CD Processes) and basic automation tools
Physical and Other Requirements:
- Function in a fast-paced, retail, office environment.
- Travel by car or airplane with overnight stays.
- Sit for extended periods of time.
- Work extended hours, nights, weekends, and shift work.