Security/Compliance Analyst
PowerPlan, Inc., Atlanta, GA, United States
POSITION SUMMARY
PowerPlan is looking for every opportunity to help our customers and prospects gain more value from our suite of software solutions We are looking for a top tier Security Analyst to join our team and help us protect our network and systems from cyber threats. You will be responsible for using various tools and techniques to detect, analyze, and respond to security incidents, as well as conducting vulnerability assessments and audits. You will also be involved in developing and implementing security policies and best practices, as well as providing guidance and training to other staff members.
To be successful in this role, you should have extensive experience with Crowdstrike falcon, including automation and tuning, as well as experience running vulnerability assessments with Qualys and monitoring, evaluating and tuning alerts in Rapid7 SIEM. You should have a solid understanding of security frameworks, standards, and regulations, such as NIST, ISO, SOC2. You should also have excellent communication, problem-solving, and analytical skills, as well as the ability to work independently and as part of a team.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Monitor and analyze network and system activity for potential security breaches, anomalies, and intrusions.
- Use Crowdstrike falcon to perform threat hunting, incident response, and malware analysis, as well as to automate and optimize security processes.
- Use Qualys to conduct vulnerability scans and assessments and provide recommendations for remediation and mitigation.
- Use Rapid7 SIEM to collect, correlate, and analyze security events and alerts, and to tune and optimize the alerting system.
- Prepare and maintain security reports, logs, and documentation.
- Develop and implement security policies, procedures, and best practices, in compliance with relevant security frameworks, standards, and regulations.
- Research and stay updated on the latest security trends, threats, and technologies.
- Implementation and maintenance of security controls, policies, and procedures.
- Work with CloudOps, IT and Dev teams to ensure security measures are implemented and operating effectively.
- Help to formalize and document existing information security processes in Confluence.
- Conduct quarterly access review activities and support other SOC2 calendar activities to support the audit lifecycle.
- Support compliance audits and assessments, such as SOC2, NIST and ISO 27001, by providing documentation and evidence of compliance.
- Help implement and standardize Security responses to security questionnaires using existing and new technologies.
- Prepare and present reports on security incidents and compliance status to senior management.
- Design and implement security solutions to protect against cyber threats.
KNOWLEDGE, SKILLS, AND ABILITIES
Required
- Bachelor's degree in Computer Science, Information Security, or related field, or equivalent work experience.
- At least 5 years of experience as a Security Analyst, or similar role, in a large, or complex environment.
- Extensive experience with Crowdstrike Falcon, including automation and tuning.
- Experience with Qualys and Rapid7 SIEM, or similar tools.
- Knowledge of security frameworks, standards, and regulations, such as NIST, ISO, SOC2, etc.
- Knowledge of security concepts, principles, and best practices, such as threat modeling, risk assessment, encryption, authentication, authorization, etc.
- Knowledge of network and system security technologies, such as firewalls, IDS/IPS, VPN, antivirus, etc.
- AWS / Azure Cloud experience
- Knowledge of common security vulnerabilities, threats, and attack vectors, such as phishing, ransomware, DDoS, SQL injection, etc.
- Excellent communication, problem-solving, and analytical skills.
- Ability to work independently and as part of a team.
- Certifications such as CISSP, CISM, CEH, GCIH, GCFA, etc. are preferred.
PHYSICAL DEMANDS AND WORK ENVIRONMENT
The physical demands characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Physical Demands: While performing the duties of this job, the employee is frequently required to stand; walk; sit; reach with hands and arms; and talk and hear. Specific vision abilities required by this job include close vision, color vision, peripheral vision, depth perception, and ability to adjust focus. Employee regularly uses hands to finger, handle, feel and manipulate controls, phone, computer equipment, and other tools. The employee is occasionally required to climb or balance and stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 25 pounds.
The work environment characteristics described here are representative of those that must be encountered by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Work Environment: This is a fast-paced, multi- tasking environment that may include frequent interruptions. Duties are typically performed in an office environment while sitting at a desk or computer table. The noise level in the work environment is usually moderate with limited exposure to weather conditions.
The employee is subject to schedule changes and/or overtime as required by the job and his/her supervisor. This may include working weekends, working after the course of normal business hours and at other times as required by the job. The employee is subject to these schedule changes on as little notice as 24 hours.
PowerPlan is an EOE
Applicant Privacy Notice
Please note that this is a hybrid role that involves a combination of onsite work from our corporate office as well as work from home. While we strive to accommodate flexible working arrangements when sensible, there will be times when onsite work is required. This could include scheduled office days, team meetings, client meetings, or special events.