Security Analyst at O'Reilly


Engineering Platform Boston, Massachusetts

Description

O’Reilly Media’s Platform Engineering team supports O’Reilly’s premier training service, which is used by technologists, managers, and designers around the world to hone their skills and improve their craft. We are made of many small teams that are broadly distributed across the US, featuring tightly collaborative groups of developers, designers, and product managers constantly encouraging each other to deliver work that instills pride and fulfillment.
As a Security Analyst at O’Reilly, you will be driving improvements to our risk management and data security programs. This will include contributing to policies and procedures, working across departments to implement audit controls, streamlining and optimizing processes, maintaining scheduled tasks, assisting in training, supporting Sales and Legal teams by answering customer security questionnaires, and maintaining internal documentation.

Other responsibilities include:

  • Conduct security threat assessments of systems using applicable tools, techniques, frameworks, and audit standards
  • Identify security requirements, using methods that may include security risk and business impact assessment
  • Compile recurring security metrics for technical and management teams
  • Create and maintain technical documentation and procedures related to information security and compliance

About you:

We are interested in people who are detail-oriented and have an analytical mindset. You have an interest in research to keep up to date on the latest possible vulnerabilities, and in working both on creating documentation and with engineering teams to outline required security updates.

Job Requirements:

  • Excellent organizational, planning, and time management skills.
  • Ability to operate independently and in a team.
  • Document and update management responses to third party security audits and assessments
  • Maintain at least one Information Security industry certification, such as Security+ or CISSP
  • Complete security review requests within published timeframes.
  • Ensure compliance with security policies and regulatory requirements such as PCI, SOC 2, GDPR and CCPA.
  • Document and enhance security compliance policies, control processes, workflows, and communication.
  • Create and maintain technical documentation and procedures related to information security and compliance
  • Deliver security awareness training
  • Build and report security metrics and program dashboards.
  • Gather feedback from end-users to continue to improve systems
  • Help plan and carry out the handling of security
  • Manage security threat assessments of systems using applicable tools, techniques, frameworks, and audit standards
  • Assist in investigating security breaches and other cybersecurity incidents.

Nice to Have:

  • Familiar with Cloud Security models and threats
  • Experience with Incident Response procedures
  • Experience with multi-layered security frameworks
  • Ability to manage multiple projects at a time.
  • Accredited security training or certifications such as Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH), Certified Intrusion Analyst (GCIA), Cisco Certified Network Associate (CCNA), Certified Information Systems Auditor (CISA).
