Senior Security Analyst

Responsibilities

• Review and analyze the security posture of insureds or potential insureds quickly and efficiently

• Evaluate customer security programs technologies controls and business environments; recommend and develop enhancements

• Triage security incidents and claims understand the root cause and develop detection tradecraft from threat intelligence

• Build security automation tooling to rapidly integrate optimizations into our underwriting system

• Assist with developing Information Security Plans and Policies including those for Incident Response customized to customer requirements and risk profile

• Provide recommendations on solutions to help customers manage information security risk

• Track emerging security practices and contribute to building internal processes and our various products

• Stay abreast of the current regulatory environment industry trends and related implications

Skills and Qualifications

• 3+ years of security analysis SOC MDR or penetration testing experience

• Demonstrated expert understanding of the life cycle of network threats attack vectors and methods of exploitation with an understanding of intrusion set tactics techniques and procedures

• Knowledge of TCP/IP Protocols network analysis and network/security applications including log and network traffic capture analysis

• Experience with Nmap Nessus Nexpose Qualys Burp Kali Metasploit Meterpreter or other offensive tools

• Knowledge of industry standard frameworks – NIST ISO HIPAA PCI

• Self-motivated with an entrepreneurial spirit and comfortable working in a fast-paced dynamic environment

• Strong interpersonal communication skills (verbal & written)

• Aptitude to learn technical concepts/terms and ability to manage multiple tasks/projects simultaneously

• Bachelor’s Degree in Computer Science Information Security Engineering or equivalent work experience

Bonus Points

• Securing cloud based platforms (Microsoft Azure Amazon AWS etc.) - experience with system hardening procedures for Windows Linux and Unix is helpful

• Knowledge or experience with EnCase FTK SIFT Volatility Splunk Graylog ELK/Logstash WireShark Zeek or other open source forensic/log analysis/network analysis tools

• Knowledge of programming and scripting for development of security tools and industry frameworks is helpful

• SCADA / Control systems network experience a plus