Its a Scheduled Drive on the SSE role.

Senior Infrastructure Security Analyst

Brief Description :

- Assume primary responsibilities for security operations (Security Monitoring, Alerts handling, Systems and Network Compliance, Vulnerability Life Cycle Management.

- 3 to 5 years experience working as a hands-on system, network or security administrator in a support role. Experience should include handling projects in an independent capacity and with extensive cross functional co-ordination.

- Experience in handling security projects is required. The interview process will include a technical competency assessment of security knowledge, including both concepts and their application to typical scenarios.

Description :

Job Title : Security Analyst

Department : Yodlee Security Office

Reporting Structure :

Reports to Manager, Security Operations Center

Summary of Position:

Assume primary responsibilities for security operations (Security Monitoring, Alerts handling, Systems and Network Compliance, Vulnerability Life Cycle Management.

Primary Responsibilities :

List 3 to 6 key responsibilities of the job

1. Responsible for handling all security alerts - Review the alerts and handle them as per the process. This involves working with different groups and ensuring that all the alerts are closed in a timely manner. This position also contributes to the process improvements.

2. Responsible for patch management process - This involves a) performing security impact analysis for the patches and vulnerabilities published by vendors other security research sites for different platforms ( Operating Systems, Web Servers and Network devices) b) Defining priority for the patch roll out c) Ensuring that the patches are rolled out in a timely manner d) Scanning the systems and other platforms to validate that the patches are applied and following up with various teams to address any gaps

3. Responsible for Vulnerability Management Process - This involves a) Ensuring that vulnerability scans are run at scheduled time b) Scan results are analyzed in a timely manner c) Categorizing the vulnerabilities as per defined process d) Fixes are applied as per the vulnerability policy e) Tracking the open issues and follow up with different teams to address the open issues.

4. Security Log Analysis - Monitor and analyze the logs from various security tools - Any events that need to be correlated from a security perspective to be researched and submitted to the tools team for the alert development

5. Compile Security Metrics - Automate management reports based on information generated from different security tools - Compile security metrics and efficiency metrics for management review.

6. Assist in providing requirements for new and existing security systems, tools, and applications

7. Collaborate with different groups to ensure that their requirements and new initiaves adhere to information security policies and best practices

8. Perform device reviews to ensure compliance with hardening standards, access controls and security related configuration settings

9. Prepare security documentation including security procedures, standards, notifications and alerts in support of other Information Security teams within the Yodlee Security department.

10. Assist in writing best practice procedures for the following services: Incident analysis, Incident response coordination, security audits or assessments, certificate authority, log analysis & diagnostics, and host vulnerability scanning

Work Experience : 4 to 6 years experience working as a hands-on system, network or security administrator in a support role. Experience should include handling projects in an independent capacity and with extensive cross functional co-ordination.

- Experience in handling security projects is required. The interview process will include a technical competency assessment of security knowledge, including both concepts and their application to typical scenarios.

Skills:

1. Prior work experience in SOC or NOC environment

2. Familiarity needed with several key security technologies - Cisco Security products, Checkpoint firewalls, Juniper firewalls, DLP tools( MacAfee), Source fire IDS, MacAfee/Splunk SIEM, Certificate and key management tools, Firewall monitoring and OS compliance checkers.

3. Prior System administration background in Linux/Unix

4. Experience with Scripting

5. Strong analytical and problem solving skills

6. Demonstrated experience working in heterogeneous environment

7. Excellent communication skills both verbal and written

8. Knowledge of PCI and ISO 27001 regulations

9. Experience in handling security projects

Certification/Training :

- Security or Network certification is desirable, with preference given to current holders of CISSP, CISM, CISA or GIAC

- Other Job-Related Requirements: (location, travel, minimum physical requirements) No travel

Required Field :

This job specification should not be construed to imply that these requirements are the exclusive standards of the position. Employees will follow any other instructions, and perform any other related duties, as may be required.

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.