Security Analyst
Smith+Nephew
Alajuela, Coyol, CR
hace 4 días

At Smith+Nephew, global medical technology company, we design and make technology that takes the limits off living, and we help healthcare professionals achieve the same goal.

Together we improve life, while also improving performance. This formed the basis for our purpose, #LifeUnlimited, and our culture pillars of Care, Collaboration and Courage.

Care means that we show empathy and understanding for each other, our customers and patients.

Collaboration means we work together as a team, based on mutual trust and respect.

Courage is about continuous learning, innovation and accountability.

Currrently we are looking for someone to join our team on position of :

The Security Analyst assesses information risk and facilitates remediation of identified vulnerabilities with Smith & Nephew network, systems and applications.

S / he reports on findings and recommendations for corrective action. In this capacity, this individual performs vulnerability assessments utilizing IT security tools and methodologies.

This highly visible employee facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation and reports on findings.

The Security Analyst maintains oversight of IT and vendors regarding the security maintenance of their systems and applications.

S / he provides weekly project status reports, including outstanding issues. In this role, this individual assists in all IT audits, IT risk assessments, and regulatory compliance.

Responsibilities

  • Security Incidents responsible for ownership from beginning to end (investigation, documentation, and remediation)
  • Monitoring including native consoles, security information and event management, correlation tools, and other analysis tools that watch for threats, vulnerabilities, or environmental changes that affect risk.
  • Implementing or approving configuration changes on some platforms in conformance with change management and control, deploying patches for security products, providing input on the deployment of patches for non-security products, and making recommendations as to when out-of-cycle patches are required.
  • Helping enforce enterprise security policies and developing security operations procedures.
  • Incident Management - Liaising and integrating with other IT operations and service management processes (such as problem management and configuration management) as appropriate
  • On Call for Security Incidents as needed
  • Education

    Bachelor's degree in computer science, information systems and / or equivalent experience

    Licenses / Certifications

    PCNSA or PCNSE certification preferred

    Current CISSP, CRISC, CISA, GIAC or equivalent certification preferred.

    SANS-related certifications Education

    Experience

    2+ years of experience as an Information Security Administrator or Engineer.

    Strong understanding of mitigating security controls (i.e., anti-virus, IPS / IDS, email filtering, web site blocking, patching) and how they work in an overall defense in-depth risk assessment methodology.

    Experience with vulnerability management and risk assessment

    Knowledge of cyber security standard frameworks such as ISO and NIST

    Understanding of network infrastructure, including firewalls, web proxy and / or email architecture- particularly as they apply in a mitigating control functionality

    Experience with different cloud computing platforms and the cloud security framework.

    Ability to design, recommend, plan, develop and support implementation of innovative security solutions.

    Competences

    Strong communication & organizational skills, ability to multi-task, strong attention to details, excellent problem solving and follow-up skills required.

    Ability to work independently without daily direction.

    Understanding of back-channels typically used by actors for malicious activity.

    Understanding of obfuscation techniques and best practices for ensuring device non-attribution.

    Understanding of one or more Technology Platforms (Windows, Linux, Middleware Applications, Database Applications) - specifically as they apply to successful security control mitigation and particularly to vulnerability management.

    Understanding of distributed denial of service attack intelligence gathering, concepts, mitigation tools, and techniques.

    Understanding of mobility security device and application risk and threat assessment.

    Understanding of nation and non-nation state actors, hacktivist groups, advanced threats, and the "kill chain" methodology.

    Familiarity with secure coding best practices.

    Reportar esta oferta
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Inscribirse
    Mi Correo Electrónico
    Al hacer clic en la opción "Continuar", doy mi consentimiento para que neuvoo procese mis datos de conformidad con lo establecido en su Política de privacidad . Puedo darme de baja o retirar mi autorización en cualquier momento.
    Continuar
    Formulario de postulación