Information Security Analyst
Location: Chicago, Illinois
Posted: September 14, 2016
Reference ID: 1685129646
Guggenheim is seeking an exceptional Security Analyst to join its Information Security team. Reporting to the Information Security Manager, this person will join a highly collaborative team responsible for monitoring and administration of Security Incident and Event Management (SIEM) systems. The Information Security Analyst performs the critical role of monitoring attempted intrusion, as well as performing security assessments on IT assets. The position is focused on implementing and improving technology and procedures related to vulnerability management, device hardening and cyber security incident response.
This position is responsible for vulnerability remediation and continuous monitoring of the enterprise infrastructure. The Information Security Analyst will meet with and educate other technology teams and business partners on security incidents and on vulnerability remediation guidance related to on-demand and regular vulnerability scans and penetration testing results. Additional responsibilities include fine-tuning SIEM technologies, identifying false positives, preparing regular incident reports, gathering metrics, and contributing to executive-level reports on the vulnerability management program.
This position is located in either New York or Chicago.
Specific Responsibilities Include
• 5 years of hands-on Information Security experience, preferably within the financial industry or in a SOC or Incident Response role
• Ability to quickly analyze data sets and identify patterns to uncover risky attributes and trends
• Ability to proactively tune systems to reduce false positives based on internal & external threat intelligence
• Ability to proactively mine event systems to identify emerging threats
• Ability to lead the firm's next generation cyber security incident response program detailing procedures for detection, response, mitigation, and reporting of cyber security incidents
• Ability to document and implement the rotation schedule and assignments for handling escalated incidents
• Ability to develop new processes and procedures for gathering, handling, searching, and retrieving digital and/or physical evidence concerning incidents. Ensure forensically sound procedures are documented and followed
• Ability to develop standard processes for closing security alerts based on the type of alert.
• Ability to initiate and execute the cyber security incident response process, including prioritization and ranking of escalated incidents
• Working knowledge of cyber security incident response technologies, including network logging and forensics, security information and event management tools, security analytics platforms, log search technologies, host-based forensics and case management systems
• Act as subject matter expert for vulnerability management and threat intelligence
• Ability to identify and address common network and web site attacks such as SQL injection, cross-site scripting, remote file inclusion and those in the OWASP Top 10
• Ability to develop security baseline configurations for server and network infrastructure including scans for compliance
Skills & Experience Required
• Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred. Industry certifications such as CISSP or GCIH a plus.
• 5 years of experience in information security or related technology experience required, experience in the securities or financial services industry is preferred.
• 5 years of cyber security and incident response.
• Strong knowledge of technology and security controls related to the detection, analysis, containment, eradication and recovery from cyber security incidents.
• Familiarity with Windows operating system and associated vulnerabilities
• Strong verbal and written communication skills
• Server and database security hardening
• Network Device Security Hardening (Cisco routers, switches, firewalls, Citrix NetScaler)
• Certified Ethical Hacker (CEH) certification a plus.
• Technical writing experience
o Management level reports
o Standard operating procedures documents
o Formal processes and procedures documents
To succeed in the Guggenheim culture, candidates must be self-starters and strive for results. We are looking for people who operate as business owners, adhere to the highest standards and think creatively to realize opportunities, wherever they may be.
Guggenheim Partners is an Equal Opportunity Employer committed to a diversified and inclusive workforce.