Information Security Analyst II

Macy's Inc. - Johns Creek, Georgia

Overview:
 
Macy’s Systems & Technology is seeking a motivated Information Security Analyst II.  The Information Security Analyst II will monitor and investigate normal and escalated security events to determine risk and exposure and perform additional forensics investigations to understand impact and mitigation.
  • This position will mentor Analysts I as a technical leader and work closely with them to manage & resolve multiple incidents simultaneously and prioritize based on risks.
  • This is a position for an experienced Information Security Analyst that will receive minimal supervision from management and will be required to lead and make decisions on day to day activities and forensics investigations.
  • This position will be required to have good written and oral communication skills to present the results of the technical analysis and research of each incident or investigation.
  • The Information Security Analyst II should have experience and understanding of multiple security platforms and layers including Anti-virus, Firewalls, Proxy servers, Intrusion Prevention Systems, Logging Correlation/management, Operating systems, Protocols and Incident Response.

Key Accountabilities:
 

The Information Security Analyst II provides 24x7 monitoring of security detection devices in order to detect potential attacks as they occur and to provide information on previous malicious network attacks.
Additional responsibilities include:
  • Responds to escalated security events or incidents and implement counter-measures to reduce and/or mitigate further exposure.
  • Performs triage on events which are reported by various detection devices to filter out things such as false positives and known accepted activities.
  • Performs system analysis and create reports to display trends and overall statistics based on correlated security incidents and event data to produce monthly exception and management reports.
  • Reports unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes.
  • Lead and manage security investigations from discovery to resolution and work as an incident response manager for each security incident.
  • Create reports to display trends and overall statistics based on correlated security incidents and event data to produce monthly exception and management reports.
  • Responsible for mentoring, training and support of Level 1 Analysts.
  • Create and implement standard operating procedures and processes to help streamline investigations, daily monitoring and analysis research to ensure all analysts are effective and following the same guidelines.
  • Other Duties as Assigned.

Decision making:

The Information Security Analyst II makes decisions based on security events and situations that arise and will make final recommendations to management based on actions taken, incident status and potential exposure and/or risks.
  • The analyst will continue to be engaged with management to provide updates and status to help clarify any decision that is needed to be made about a current security incident or risk exposure.
  • The IS Analyst II will make decisions and recommendations on implementing and improving standard operating procedures as impact to improve efficiencies.
  • The IS Analyst II will be involved with any and all proof of concept product testing to decide how the product/tool can be integrated into daily activities and forensics investigations and how it impacts the team.
  • The IS Analyst II will make the decision for Analysts I on whether a security event is a false positive or a real security incident.

Skill Summary:
  • Understanding of incident response methodologies and ability to assist with coordinating security incidents.
  • Resolves high impact and/or complex, chronic or cross-functional problems.
  • Training and Coaching of other Information Security Analysts will be required.
  • Ability to create detailed and/or focused documentation, reports or standard procedures.
  • Instructs users on advanced features/functions of business and multiple applications software.
  • Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards.
  • Understanding of web applications authentication, session management, requests, form submission processes.
  • Writes clear problem descriptions and instructions to aid other individuals or groups in problem duplication and resolution.
  • Ability to explain technical concepts to technical or non-technical personnel.
  • Ability to communicate effectively verbally and in writing.
  • Ability to create detailed and/or focused documentation and reports.
  • Ability to identify common network and web site attacks such as SQL injection, cross site scripting, remote file inclusion and cookie manipulation.
  • Ability to explain technical concepts to technical or non-technical personnel and communicate effectively verbally and in writing.
  • Ability to decode and understand traffic flow at packet level traces (skilled with TCPDUMP, PCAPs, traffic generators, etc).
  • Ability to perform IDS / IPS real-time monitoring analysis and/or network forensics.
  • Minimum of 2-3 years experience in IT or Information Security.
  • Knowledge or skill to create correlation rules to detect threats.
  • Ability to understand, analyze and correlate security events and implement counter-measures to mitigate against intrusion attacks.
  • Maintaining security monitoring and reporting appliances in addition to leading and analyzing security reporting.
  • Experience or working knowledge of various networking devices and/or technologies like routers, switches and aggregators.
  • Have experience with using or managing SIEM technologies.
  • Strong knowledge of TCP/IP, HTTP, FTP, cookies, authentication, virus scanning, web servers, SSL/encryption and reporting packages.
  • An understanding of a wide array of server grade applications to include Lotus Notes, Exchange, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, Identity Management, Patch Management, LDAP, SQL, and others.
  • Experience with host-based FIM (File Integrity Monitoring) solutions.
  • Working knowledge of VPN Remote Access Technologies.
  • Experience or working knowledge of authentication technologies like RADIUS or TACACS.
  • Working knowledge of Two-Factor Authentication solutions.
  • Experience or working knowledge of firewall technologies.
  • Working knowledge of Intrusion Detection Systems/Technologies.
  • Bachelor's Degree preferred and 2 to 4 years of related experience or an equivalent combination of education and experience.
 
Macy's Systems & Technology (MST) is the information technology division of Macy's Inc. Macy's Inc. is the nation's largest operator of department stores with over 800 department store locations in 46 states. In addition, we operate major catalog and internet operations for Bloomingdale's and Macy's. Macy's Systems & Technology is headquartered in Johns Creek, a suburban setting northeast of Atlanta, Georgia.
 
We offer competitive salaries, comprehensive benefits, employee fitness center and a merchandise discount.
 
Macy's is an equal opportunity employer, committed to a diverse and inclusive work environment.
 
Posted: 30+ days ago

About Macy's Inc.


Macy's, Inc., with corporate offices in Cincinnati and New York, is one of the nation's premier retailers, with fiscal 2015 sales of $27.079 billion. The company operates about 870 stores in 45 states, the District of Columbia, Guam and Puerto Rico unde...