At Smith+Nephew, global medical technology company, we design and make technology that takes the limits off living, and we help healthcare professionals achieve the same goal.
Together we improve life, while also improving performance. This formed the basis for our purpose, #LifeUnlimited, and our culture pillars of Care, Collaboration and Courage.
Care means that we show empathy and understanding for each other, our customers and patients.
Collaboration means we work together as a team, based on mutual trust and respect.
Courage is about continuous learning, innovation and accountability.
Currrently we are looking for someone to join our team on position of :
The Security Analyst assesses information risk and facilitates remediation of identified vulnerabilities with Smith & Nephew network, systems and applications.
S / he reports on findings and recommendations for corrective action. In this capacity, this individual performs vulnerability assessments utilizing IT security tools and methodologies.
This highly visible employee facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation and reports on findings.
The Security Analyst maintains oversight of IT and vendors regarding the security maintenance of their systems and applications.
S / he provides weekly project status reports, including outstanding issues. In this role, this individual assists in all IT audits, IT risk assessments, and regulatory compliance.
Bachelor's degree in computer science, information systems and / or equivalent experience
Licenses / Certifications
PCNSA or PCNSE certification preferred
Current CISSP, CRISC, CISA, GIAC or equivalent certification preferred.
SANS-related certifications Education
2+ years of experience as an Information Security Administrator or Engineer.
Strong understanding of mitigating security controls (i.e., anti-virus, IPS / IDS, email filtering, web site blocking, patching) and how they work in an overall defense in-depth risk assessment methodology.
Experience with vulnerability management and risk assessment
Knowledge of cyber security standard frameworks such as ISO and NIST
Understanding of network infrastructure, including firewalls, web proxy and / or email architecture- particularly as they apply in a mitigating control functionality
Experience with different cloud computing platforms and the cloud security framework.
Ability to design, recommend, plan, develop and support implementation of innovative security solutions.
Strong communication & organizational skills, ability to multi-task, strong attention to details, excellent problem solving and follow-up skills required.
Ability to work independently without daily direction.
Understanding of back-channels typically used by actors for malicious activity.
Understanding of obfuscation techniques and best practices for ensuring device non-attribution.
Understanding of one or more Technology Platforms (Windows, Linux, Middleware Applications, Database Applications) - specifically as they apply to successful security control mitigation and particularly to vulnerability management.
Understanding of distributed denial of service attack intelligence gathering, concepts, mitigation tools, and techniques.
Understanding of mobility security device and application risk and threat assessment.
Understanding of nation and non-nation state actors, hacktivist groups, advanced threats, and the "kill chain" methodology.
Familiarity with secure coding best practices.