Security Engineering Analyst
Posted on Aug 5, 2019 by CV-Library
The Information Technology Security Engineering Analyst is expected to work independently on projects and tasks by researching, gathering information and collaborating globally with other employees across teams and functions, to provide risk assessments or recommendations
Reports to: Senior Security Engineering Lead
The Information Technology Security Engineering Analyst will identify and implement security controls, in concert with the Security Architect designed to protect computer systems, networks and data. Information security analysts examine network security measures in light of threat trends in order to predict attack vectors and eliminate the associated vulnerabilities. They will analyze where security breaches may occur, or have occurred, in conjunction with the SOC analyst, and develop measures to repair or strengthen systems against such breaches. They will provided risk assessments of new software, hardware and cloud services prior to purchase; these can include security products, line of business applications and various utilities. They will also provide risk assessments of changes to existing systems and possible mitigations to reduce those risks. They will also conduct vulnerability and penetration testing against the IT infrastructure and provide input in developing the penetration testing program and processes. They will also advise developers and engineers on security concepts, security of protocols and secure development practices.
Location, Hurn, Bournemouth
As the Information Technology Security Engineering Analyst, your skills and qualifications will ideally include:
* 5+ years' experience in IT security, compliance and risk management, including privacy, controls, etc.
* BA/BS degree or equivalent experience; Computer Science or Math background preferred
* Proven ability to succinctly communicate complicated technical security issues and the risks they pose to corporate data.
* Experience in security architecture, security application scanning, vulnerability assessment, network and application security protection, prevention and mitigation techniques
* Experience implementation programs for improved network security, including segmentation, perimeter and in-depth monitoring, and active response
* Implementation experience with enterprise SIEM security solutions
* Knowledge of common encryption technologies (PGP, SSH, TLS, etc.) and authentication protocols (RADIUS, LDAP, Kerberos, SAML, OAUTH, etc.)
* Experience securing Active Directory environments including servers and endpoints
* Working knowledge of cloud computing technologies and workload transition challenges
* Security certifications, i.e. CISSP, SANS/GIAC, CISA, CISM, etc.
* Experience with NIST Security Framework, DFARS requirements, and other Cybersecurity standards
* Experience with data classification based on Corporate Policy and treatment in transit and at rest
* Experience with security development lifecycles and secure coding and software development concepts: MS SDLC, OWASP, etc.
* Experience with Public clouds such as AWS and MS Azure and associated security threats/mitigations, and common attack vectors
* Experience working with different firewall implementations including Palo Alto Networks, Juniper and Cisco and F5
* Experience with network protocols including threat hunting and troubleshooting at the packet and protocol level
As the Information Technology Security Engineering Analyst, your main responsibilities will involve:
* Designing computer security architecture and developing detailed cyber security designs in conjunction with the Security Architect
* Protecting systems by defining access privileges, and control structures
* Implementing security improvements by assessing current situation; evaluating trends; anticipating requirements.
* Determining security violations and inefficiencies by conducting periodic audits
* Prepare reports that document security breaches, the extent of the damage caused by the breaches and controls to update to prevent similar breaches
* Develop security standards and best practices for their organization
* Develop, implement and test corporate disaster recovery plans
* Conducting regular vulnerability scanning testing using security scanning tools designed to identify existing vulnerabilities
* Conduct regular Penetration testing against corporate infrastructure designed to illuminate infrastructure
* Advise developers and engineers on security concepts, security of various protocols and technologies, as well as secure development practices.
* Engineering, implementing and monitoring of security controls for the protection of computer systems, networks and information
* Identifying and defining system security requirements
About Cobham plc
Cobham is a leading global technology and services innovator, respected for providing solutions to the greatest challenges, from deep space to the depths of the ocean.
to find out more about us and or check out our