At Smith+Nephew, global medical technology company, we design and make technology that takes the limits off living, and we help healthcare professionals achieve the same goal.
Together we improve life, while also improving performance. This formed the basis for our purpose, #LifeUnlimited, and our culture pillars of Care, Collaboration and Courage.
Care means that we show empathy and understanding for each other, our customers and patients.Collaboration means we work together as a team, based on mutual trust and respect.
Courage is about continuous learning, innovation and accountability.Currrently we are looking for someone to join our team on position of : The Security Analyst assesses information risk and facilitates remediation of identified vulnerabilities with Smith & Nephew network, systems and applications.
S / he reports on findings and recommendations for corrective action. In this capacity, this individual performs vulnerability assessments utilizing IT security tools and methodologies.
This highly visible employee facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation and reports on findings.
The Security Analyst maintains oversight of IT and vendors regarding the security maintenance of their systems and applications.
S / he provides weekly project status reports, including outstanding issues. In this role, this individual assists in all IT audits, IT risk assessments, and regulatory compliance.
ResponsibilitiesSecurity Incidents responsible for ownership from beginning to end (investigation, documentation, and remediation)Monitoring including native consoles, security information and event management, correlation tools, and other analysis tools that watch for threats, vulnerabilities, or environmental changes that affect risk.
Implementing or approving configuration changes on some platforms in conformance with change management and control, deploying patches for security products, providing input on the deployment of patches for non-security products, and making recommendations as to when out-of-cycle patches are required.
Helping enforce enterprise security policies and developing security operations procedures.Incident Management - Liaising and integrating with other IT operations and service management processes (such as problem management and configuration management) as appropriateOn Call for Security Incidents as neededEducationBachelor's degree in computer science, information systems and / or equivalent experienceLicenses / CertificationsPCNSA or PCNSE certification preferred Current CISSP, CRISC, CISA, GIAC or equivalent certification preferred.
SANS-related certifications EducationExperience2+ years of experience as an Information Security Administrator or Engineer.
Strong understanding of mitigating security controls (i.e., anti-virus, IPS / IDS, email filtering, web site blocking, patching) and how they work in an overall defense in-depth risk assessment methodology.
Experience with vulnerability management and risk assessmentKnowledge of cyber security standard frameworks such as ISO and NIST Understanding of network infrastructure, including firewalls, web proxy and / or email architecture- particularly as they apply in a mitigating control functionalityExperience with different cloud computing platforms and the cloud security framework.
Ability to design, recommend, plan, develop and support implementation of innovative security solutions.CompetencesStrong communication & organizational skills, ability to multi-task, strong attention to details, excellent problem solving and follow-up skills required.
Ability to work independently without daily direction.Understanding of back-channels typically used by actors for malicious activity.
Understanding of obfuscation techniques and best practices for ensuring device non-attribution.Understanding of one or more Technology Platforms (Windows, Linux, Middleware Applications, Database Applications) - specifically as they apply to successful security control mitigation and particularly to vulnerability management.
Understanding of distributed denial of service attack intelligence gathering, concepts, mitigation tools, and techniques.
Understanding of mobility security device and application risk and threat assessment.Understanding of nation and non-nation state actors, hacktivist groups, advanced threats, and the "kill chain" methodology.
Familiarity with secure coding best practices.