
Information Security Analyst Sr

CSG International Omaha, NE

Job Description

Essential Job Functions

Responsibilities (by % of time)

35%- Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to: IPS/IDS alerts, Application Firewall alerts, malware alerts, change detection (FIM) alerts, rogue wireless network alerts, security system health alerts, exploit attempt alerts, etc.

35%- Participate in a vulnerability management program that includes: external and internal vulnerability scans of applications and systems, external and internal penetration tests of applications and systems, documenting and remediating identified vulnerabilities and exploits, routinely monitoring various communication avenues for security vulnerabilities and security patches, taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environment, and making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities

15%- Support processes such as managing web browsing protections, web content filtering, and web site category white-listing/blacklisting; support automated encryption/decryption and secure file transfer of sensitive business process files; manage internally generated SSL certificates and SSL certificates generated by a managed PKI vendor and internal Certificate Authority

10%- Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to: Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley (SOX), emerging state and Federal privacy laws, and general security auditing

5%- Participate in the organization's incident response plan and perform incident reporting on an as-needed basis

Ongoing- Must be able to work outside normal business hours when needed in order to perform diagnosis and/or implementation of product releases or changes so that normal business workflow is not interrupted

Ongoing- Regular and reliable attendance is required.

Ongoing- Incumbent is accountable for professional working behavior, to include: building and maintaining constructive working relationships, implementing proactive and concise communication, acting as a resource to colleagues, and engaging in collaborative thinking and problem solving while demonstrating CSG’s core competencies and values.

Typical Interactions/Relationships

External – Company clients, Security and service vendors, Security providers and consultants, regulatory auditors

Internal – Internal Audit, Compliance, Operations, Architecture and business units

Experience

  • Experience performing vulnerability scanning and penetration testing both at an application and network layer
  • Experience maintaining information security technologies, such as: IDS/IPS, malware prevention, database activity monitoring, secure password repository, multi-factor authentication, SIEM, SPAM prevention, web content filtering, IdM/IAM, encryption and encryption key management, DLP, change detection, and vulnerability scanners
  • 1-2 years’ experience with administration of enterprise applications
  • Ability to perform moderately complex support and administration duties on Windows, Linux, and Apple operating systems
  • Working knowledge of Active Directory concepts, user and group management, and GPO usage
  • Ability to generate scripts using common scripting languages including PowerShell
  • Solid understanding of PKI
  • Configuration management experience
  • Ability to effectively communicate and collaborate with team
  • Hardware SAN experience
  • Experience implementing monitoring, security, and logging systems
  • Ability to use and manage security tools such as FIM, IDM, SIEM, vulnerability scanner
  • Experience in regulated and high-security environments
  • In depth knowledge of key management, certificate management, and encryption methodologies

Preferred

  • Qualified and successful candidates will have at least 5 years of experience working extensively within information security
  • Hardware Security Module (HSM) experience is a plus

Knowledge, Skills and Abilities

  • In-depth knowledge of TCP/IP: must be able to demonstrate technical understanding of all layers of the TCP/IP stack, including familiarity with major application-layer protocols such as HTTP, HTTPS, FTP, SFTP, FTPS, SMTP, DNS, etc.; must be able to read and understand a packet trace; must be able to read and interpret network access control lists
  • In-depth understanding of a variety of network and application attacks: examples include DoS/DDoS, buffer overflows, SQL injection, reconnaissance scanning, and evasive methods attackers use to avoid detection; must be able to demonstrate a minimum level of familiarity with well-known vulnerabilities and exploits
  • Working knowledge of IT security, compliance, and regulatory requirements, such as: Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley (SOX), Healthcare Information Privacy Protection Act (HIPAA), state and Federal privacy laws

Preferred

  • Certified Information Systems Security Professional (CISSP) certification highly preferred
  • Penetration testing/ethical hacking certification(s) preferred

Education

  • College degree: Computer Science, Information Security, related field, or equivalent experience

Physical Requirements

  • Keyboarding/Writing/Clicking/Working with fingers –

Job Details

Date Posted: August 11, 2017
Date Closes: September 10, 2017
Requisition: 12259
Located In: Omaha, NE
Job Type: Full-time Employee
SOC Category: 00-0000.00
Zipcode: 68102