Senior Information Security Analyst

Job Description

AutoNation Headquarters

Position Summary:

 

The Senior Information Security Analyst’s primary responsibilities include data loss prevention, incident response, infrastructure security compliance, vulnerability identification and remediation, threat hunting, and application security.

 

Organizational Relationships:

 

The incumbent works with the Information Technology team and the business to support secure information process and technology.

 

Job Responsibilities:

  • Participate as part of the Information Security Operations team.  Some after hours and weekend work required.
  • Act as part of the Cyber-Incident response team.
  • Make recommendations to management on enhancements to existing and new security hardware, software or related tools.  Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools.
  • Perform risk analysis for corporate functional and technical areas relevant to data security.
  • Configure, implement, monitor, and support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to IDS/IPS (Host/Network/Wireless), secure file transfer, DLP, full disk encryption, firewall rule assessments, log management/correlation, secure password storage/retrieval, application whitelisting, vulnerability management, threat hunting, etc.
  • Ensure security best practices are identified and integrated into all facets of the project including network, system designs/configuration, and implementations.
  • Identify and recommend potential areas where existing data security policies and procedures require change, or where a supplement is required to mitigate key security risks. Partner with various business units to enhance security policies/procedures.
  • Create and maintain data security documentation, policies and procedures.
  • Assists in the identification, response, investigation, and remediation of potential breaches of and issues surrounding data security.
  • Responsible for executing programs for user awareness, compliance monitoring, and security compliance; maintaining information security devices and software; monitoring compliance procedures; and resolving security policy issues.
  • Responsible for providing support during off hours in an on-call rotation.
  • Provide technical guidance on security/privacy policies and standard development and Subject Matter Expert (SME) to enterprise architects and other technologists.
  • Responsible for supporting programs for compliance monitoring, and security compliance; maintaining information security devices and software; monitoring compliance procedures; and resolving security policy issues.
  • Perform other job related functions as assigned.

Qualifications:

  • BS. Degree required in Computer Science, Information Technology, or related field of study; or any equivalent combination of relevant background, skills and experience.
  • 5+ year’s relevant experience in Information Security in medium to large organizations.
  • One or more security certifications such as CISSP, CISA, SANS GIAC, or relevant security certification(s) required. Additional technology certifications such as MCSE, CCNA/CCNP, PMP, etc. preferred.
  • Hands-on experience with two or more of the following: data loss prevention technologies, incident response and remediation, network security services, ethical hacking and vulnerability scanning, firewall and intrusion detection technologies.
  • Other complimentary skills include: application development background and strong working knowledge of security code review processes.
  • High degree of proficiency MS Office Suite, Outlook & Internet applications.
  • Strong analytical, prioritizing, interpersonal, problem-solving, and presentation, project management (from conception to completion) and planning skills
  • Strong verbal and written communication skills.
  • Strong negotiation/mediation skills.
  • Demonstrated collaborative skills and ability to work well within a team.
  • Ability to work with and influence senior management.
  • Ability to work in a fast-paced and deadline-oriented environment.
  • Self-motivated with critical attention to detail, deadlines and reporting.

Next Possible Position:

 

Information Security Team Lead

 

Physical Requirements:

  • Extended working hours may be required as dictated by management and business needs.
  • Ability to travel (25%) to multiple facilities as business needs dictate.
  • May be required to lift, push, or pull materials weighing up to twenty (20) pounds.
  • May be required to sit and review information on a computer screen for long periods of time.
  • May require repetitive motions of the hands and wrist related to writing and typing at an electronic keyboard.