You are here
Security Assurance Analyst - $50 Per Hour
Exciting Contract Opportunity with Top Global Asset Management Firm
Experience with Vulnerability Scanning & Penetration Testing
About Our Client
Our client is a Global Asset Management firm with offices across the globe. This role will sit in the San Antonio, TX office.
This position is an opportunity for an eager, creative, self-starter, with a passion for information security to develop their skills and contribute directly to the overall security posture of the firm. Under the guidance of the Senior Security Assurance Analyst, the individual filling this role will be responsible for testing the adequacy and effectiveness of enterprise wide information security controls. The Security Assurance Analyst analyzes, validates and documents findings and recommendations for review by the Senior Security Assurance Analyst. The person filling this position will have the opportunity to work on a broad range of security tasks and have a direct impact on the growing security assurance program.
The Successful Applicant
This role monitors and tests firm-wide security controls.
- Identify existing security controls within target areas by performing interviews, reviewing system documentation, and running discovery scans.
- Create effective control tests that do not increase risk to data or control itself.
- Execute control tests to validate they are meeting the control intent, are implemented uniformly across the enterprise, can't be circumvented or adversely impacted.
- Help develop new and improve existing control testing and monitoring processes.
- Perform vulnerability scans and analyze the results.
- Document information security controls, assessment findings, processes, and recommendations.
- Identify and report ancillary information security risks observed during control tests.
- Research industry security standards, best practices, emerging threats, vulnerabilities, and mitigation strategies.
Qualifications, Experience, and Education:
- Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Infrastructure Assurance, Information Security, Cyber Security or a related field (or relevant work experience).
- 2-4 years' experience in at least some of the following areas:
- Information Security Engineering
- Information Security Analyst
- Security Assurance or Information Assurance
- Vulnerability Assessments/Penetration Tests: Vulnerability research and analysis; threat and risk analysis; identification of insecure configurations; patch management; and experience with the following tools: Nmap, vulnerability scanners, etc.
- Security control and process Review: Technical and administrative security controls; industry standards and best practices (OWASP, NIST, SANS, etc.); technology owner/manager interviews.
- Suspicious Activity Monitoring: Intrusion Detection/Prevention; Data Loss Prevention.
- DLP scanning experience desired
- Splunk experience desired
- Understanding of authentication, authorization and auditing
- Ability to think like an attacker to design effective control tests.
- Strong analytical skills to determine the key pieces of information required to make informed decisions.
- Strong verbal and written communication skills. Ability to adjust communication style/content to interact with IT and business professionals.
- Excellent written/verbal communication skills
- Project management experience/knowledge, with ability to drive projects to successful completion
- Strong interpersonal, problem-solving, prioritization, organizational skills and attention to detail.
- Ability to merge and analyze large volumes of data utilizing tools such as MS Excel (e.g. pivot tables, etc.), Splunk, etc.
- MS Office (Access, Excel, Word, PowerPoint, Visio).
- Programming/scripting skills is a plus.
Special Knowledge (if applicable):
- Financial Services experience and/or the laws/regulations governing this sector is a plus.
What's on Offer