Location: San Francisco, CA (preferred) or Remote
Type: Contract
Job Description:
This role will be responsible for assisting with the operation of the Bank's information security systems and controls, with the goal of maintaining a strong information security program that enables comprehensive monitoring and compliance verification. The Analyst will play a key role in Information Security event triage and incident response by monitoring the Security Information and Event Management (SIEM) system and other alerts generated by security-related tools. The Analyst will also be involved in security operations and is expected to provide hands-on support for a broad spectrum of technologies, including security software running on Windows and Linux systems, network devices, virtual machines, as well as the Bank’s own products and services.
Responsibilities:
- Monitor security systems for anomalies and alerts, and respond to potential security issues.
- Investigate security-related alerts and analyze events for impact and escalation.
- Derive conclusions on security events and propose solutions.
- Assist in preparing documentation related to security issues and cyber incidents.
- Manage the Information Security service tickets to provide updates and closure.
- Promote security awareness through newsletter communications, classroom training, and facilitating computer-based training exercises.
- Work with and support Security Engineers in troubleshooting security infrastructure devices and solutions.
- Stay current on IT security trends and news, including researching emerging technologies and maintaining awareness of current security risks.
- Participate in security vulnerability assessments and penetration tests on Bank systems and applications.
- Participate in periodic policy compliance reviews, risk assessments, and control testing.
- Participate in internal security audits and investigations.
- Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business.
Required Skills:
- Understanding of the following areas: Windows and Linux Security, Networking, Vulnerability Management, Cloud Security, Identity and Access Management.
- Strong understanding of security concepts and hands-on experience with tools and systems such as firewalls, IDS/IPS, SIEM, managed antivirus/antimalware, patch management, NAC, DLP, and vulnerability scanners.
- Bachelor's degree in Computer Science, Information Systems, a related field, or equivalent work experience, is required.
- Strong analytical and problem-solving skills.
- Excellent written and verbal communication skills, demonstrating the ability to write with purpose, clarity, and accuracy to both technical and non-technical audiences.
- Minimum of two years of hands-on experience in an equivalent Information Security role. Banking and/or financial services industry experience is a plus.
- Self-motivated, organized, and able to multi-task, prioritize, and adhere to deadlines.
- Able to operate independently and effectively.
Desired Skills:
- Industry certification is a plus: GIAC Security Essentials, Certified Ethical Hacker, GIAC Certified Incident Handler, Certified Security Administrator (firewall), CISSP.
- Programming knowledge, a plus (Perl, Python, C, PowerShell, Ruby, SOAP, XML).
- Security operations experience.
- Knowledge of compliance and regulatory program requirements, a plus (such as HIPAA, ISO 27000, NIST, FISMA, and SOC standards).