Responsible for the daily monitoring and analysis of information collected from the company's information security systems and tools in order to preserve the confidentiality, integrity and availability of information resources and assets. Seek out weaknesses of the company's infrastructure by analyzing data and recommending solutions to remove, reduce or mitigate risk.
Essential Duties and Responsibilities:
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
- Install, operate, and maintain a variety of security solutions or systems to include IDS/IPS, SIEM and DLP
- Assist Security Administrators with the implementation and tuning of policies for systems such as IDS/IPS, SIEM and DLP
- Review and respond to security event logs and alerts from installed security solutions and tools such as firewalls, IDS/IPS, SIEM and DLP
- Conduct examinations of computers, system logs, applications and network security events
- Analyze, document and escalate security incidents per policy
- Work with Security Architects in determining the proper systems and tools to protect company resources
- Perform vulnerability assessments and recommend remediation actions
- Maintain knowledge of current security threats, vulnerabilities and mitigation techniques
- Perform risk analyses and security assessments, identifying potential threats and recommending mitigation actions
- Maintain knowledge of HIPAA, PCI, SOX, ISO27001 and NIST Cybersecurity Frameworks
- Participate in Disaster Recovery and Business Continuity planning and testing
- Perform vendor security assessments in the continental US and overseas
- Track findings and remediation activity to completion
- Provide mentorship and assistance to junior members of team
- Participate in the ongoing development and maintenance of security awareness training
- Provide reporting for trending and key performance indicators related to the information security program
- Assist with the establishment of corporate security policies and procedures to protect information assets against unauthorized access, modification and/or destruction
Minimum Skills and Competencies:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Bachelor's degree or, in lieu of a degree, equivalent education, training and work-related experience
- 3+ years of experience as a Security Analyst
- Demonstrated knowledge of HIPAA, PCI, SOX, ISO27000 or NIST Cybersecurity Frameworks
- Ability to travel both within the continental US and overseas (passport eligible)
- Experience managing IDS/IPS, penetration and vulnerability testing
- Working knowledge of DLP, anti-virus and anti-malware solutions and concepts
- Working knowledge of TCP/IP, computer networking, routing and switching concepts in an Enterprise environment
- Demonstrated experience with Firewall and intrusion detection/prevention protocols and best practices
- Demonstrated knowledge of Windows, UNIX and Linux operating systems, vulnerabilities and administrative techniques
- Demonstrated experience with network sniffing and packet analysis tools
- Demonstrated detail-oriented self-starter with the ability to work independently with limited supervision and limited direction, and in collaborative team environments
- A strong ability to multi-task and manage varying priorities and projects
- Excellent interpersonal, verbal, and written communication skills with the ability to communicate security risk and compliance related concepts to a broad range of technical and non-technical staff
- The ability to provide support after normal business hours
- Proficient in Microsoft Office (Word, Excel, Outlook, PowerPoint)
- Bachelor's degree in Computer Sciences, Cyber Security or equivalent experience
- Experience with McAfee ePO and endpoint products, Rapid7 InsightVM, QRadar, Venafi, Proofpoint, Crowdstrike, F5 WAF, DUO Security, Palo Alto
- Working knowledge of cloud computing, SaaS models and Cloud Security Alliance (CSA) principles
- IT Cyber Security experience in a publicly traded and regulated environment to include one or more of the following industries: Insurance, Financial Services, Pharmaceuticals
- Industry relevant certifications such as Security+, CCNA, CCNA Security, ENSA, CEH, CISSP, CISM, ECSA, GIAC (GSEC/GCIH/GCIA)
- Audit experience to include SOX, SOC II Type II, SSAE 18, and/or PCI to include remediation activities
National General Holdings Corp. is an Equal Opportunity (EO) employer - Veterans/Disabled and other protected categories. All qualified applicants will receive consideration for employment regardless of any characteristic protected by law. Candidates must possess authorization to work in the United States, as it is not our practice to sponsor individuals for work visas.
In the event you need assistance or accommodation in completing your online application, please contact NGIC main office by phone at (336) 435-2000.
This job has expired.