Enterprise Security Analyst
Location: Carle Place, NY
Position Type: Full-Time
The Security Analyst is responsible for monitoring, evaluating and testing the security of 18F systems. The Security Analyst will assist with the ongoing protection of 18F digital assets, and the maintenance and expansion of the 18F enterprise security program and architecture.
The Security Analyst must be actively engaged and informed in current threats and countermeasures. The Security Analyst will monitor and analyze systems, network traffic and behavior in order to detect and address threats to the organization, making recommendations and applying countermeasures where necessary.
The Security Analyst should be technical and proficient with Information Security practices.
Core Security Responsibilities
- Works with the Information Security Team to maintain a comprehensive Enterprise Information Security Program based upon industry standard best practices and compliance mandates.
- Assists with the development, enforcement, and maintenance of policies, procedures, measures, and mechanisms to protect the confidentiality, integrity and availability of data/information and to prevent, detect, contain, and correct information security breaches.
- Monitors and analyzes systems, network traffic and behavior in order to detect and address threats to the organization.
- Assists with all security activities within Information Technology. Assists with policy and procedure enforcement.
- Identifies security protection goals, objectives and metrics consistent with Enterprise best practices
- Promotes a culture that considers information security in all day-2-day activities
- Supports IT teams on security-related consulting services and on projects including deployment and maintenance of policy enforcement tools, techniques, and reporting
- Participates in change and configuration control processes and reviews
- Lends security awareness among the IT staff and business stake holders
Detailed Security Responsibilities
- Analyzes the logs of various systems for suspicious activity
- Analyzes IDS system events
- Generates reports of Security data
- Correlates data from security systems to produce actionable intelligence
- Conducts investigations on malicious domain names, IP addresses etc
- Follows established monitoring plans for security components such as IDS, vulnerability management and log management.
- Assists with network security incident management
- Responds to 24/7 security alerts in a timely manner; prepares for and provides rapid response to security threats such as virus attacks
- Documents procedures and activities, assists with the creation of new policies and reviews of established policies.
- Works with end user tickets requests for various types of access while adhering to established processes.
- Works with the security team to learn processes and procedures.
Communication / Reporting
- Represents the security team on organizational security project teams, and with external organizations
- Communicates the Enterprise?s security policies, including compliance issues, risks, and incidents to IT managers and users
- Produces security/risk status reports on metrics on key security functions
- Shows a commitment to continual self-improvement in order to learn and stay current with security and compliance methodologies, processes/best practices, and related technologies ? shares information gained with co-workers.
- Demonstrates initiative and a commitment to learning.
- Demonstrates a passion for technology and Information Security.
- Demonstrates a security mindset.
- 1-2 years Infrastructure/Networking/Security/Windows/Web Design Administration experience
- Basic understanding of PCI (Payment Card Industry) Audit and Compliance processes
- Understanding of basic networking practices (Switching, Routing, Firewalls etc)
- Experience with IDS/IPS, vulnerability assessment tools, log management systems, scanners, firewalls, web proxies, web app testing, two factor authentication, and patching tools are all desirable.
- Experience working collaboratively with business owners, subject matter experts.
- An understanding of Linux and Windows operating systems at an Administrator level.
- CISSP (Certified Information Security Professional)
- GIAC (Global Information Assurance Certification)
- OSCP (Offensive Security Certified Professional)
- MCSE (Microsoft Certified Systems Engineer)
- CEH (Certified Ethical Hacker)
- Active Directory experience / knowledge
- Microsoft Enterprise CA experience
- IAS server
- TMG / ISA web proxies
- Audit and/or penetration testing experience.
- Experience managing SSL certificates on a large scale
- Experience with web application security or WAF?s
- Experience with wireless security practices
- Experience with mobile device security
Security / Technology
- Understands Application architecture at a high level
- Exceptional organizational skills
- Ability to work independently and balance multiple priorities
- Demonstrated flexibility under a prioritization change condition
- Strong quantitative, analytical, problem solving, organizational, communication and interpersonal skills required. Attention to detail is a must
- Maintains an active and current interest in technology / security
- Understands common criminal patterns with regard to information security
Practical / Reasoning / Communications Skills
- Excellent Problem Solving Skills and troubleshooting methodology.
- Excellent written and verbal communication skills
- Ability to present information and ideas clearly and concisely
- Ability to think proactively, rather than reactively
- Ability to remain calm under pressure
- Identifies critical issues with ease
- Understands how to communicate difficult/sensitive information tactfully
- Ability to describe technical subjects in layman?s terms
- Generates enthusiasm among team members
- Proactively seeks opportunities to serve in leadership roles
- Demonstrates a high level of competence
- Exhibits a willingness to use personal time to advance skill set
- Ability to lead security analysis discussions
- Position requires approximately 10% travel
To Apply: E-Mail: careers@1800Flowers.com
Send your Cover Letter and Resume, including salary history, to:
Human Resources at
One Old Country Road
Carle Place, NY 11514
Only Qualified Applicants Will Be Contacted.