The Information Security Analyst is vital member of the Information Security Office by performing continuous monitoring of critical systems. The candidate will help implement infrastructure and run Database Activity Monitoring (DAM) programs.
The candidate must be knowledgeable about how DAM fits into the broader Security Program and generally understand Data Security concepts around data loss prevention (DLP), tokenization and encryption, database activity monitoring. The candidate will work with multiple parties in establishing processes and policies to support the protection of sensitive/confidential data. The Information Security Analyst is responsible with working with subject matter experts to map out business requirements to systems/technical requirements.
Tasks: This position will independently monitor, establish/respond to policy violations alerts, and audit all database activity, which includes end user activity, administrator activity, and SELECT query transactions. This position will also ensure that audit logs stored securely to a central server outside the audited databases. The position will also work with other information security analysts to monitor, aggregate, and correlate activity for multiple sources of monitoring systems to address or be aware of various threat sources.
Effective writing, communication and presentation skills with present data analysis.
The ability to work easily with diverse and dynamic teams
Comfortable working in a project based / client serving model
Ability to absorb professional knowledge quickly and develop skills
Demonstrated analytical skills
Understanding of concepts involving Data Loss Prevention (DLP), Encryption/Tokenization, Database Activity Monitoring technologies to help address risk and to enhance security posture.
Will have the ability to help architect DAM solutions for customers.
Ability to work with clients to understand requirements and problem-sets and design solutions to address their Data Protection needs and DAM use cases.
Willingness to learn new technology and explore the Data Security product space and assess technology from vendors.
Experience with System Administration in multiple OS environments
Experience in database security (Oracle, SQL)
Experience performing typical maintenance of applications such as product updates, hardware refreshes, patching, etc.
Basic knowledge of encryption key management concepts
Basic knowledge in security industry regulations/standards (Payment Card Industry (PCI DSS), HIPAA, Gramm-Leach-Bliley Act (GLBA)) and compliance frameworks (ISO 27002, NIST, and Cobit)
A Bachelors Degree in Information Technology, or related area and professional work experience providing expertise in information technology, system architecture/technical design, and an understanding database activity monitoring.
Equivalent related experience may be substituted for education on a year-for-year basis.
The desired candidate must have 1-3 years in experience desired in developing and administering Database Activity Monitoring systems along with strong familiarity of database concept and administration.
DAM, DLP, Encryption, Token, Oracle, SQL, PCI, Hippa, GLBA, ISO 27002, NIST, Cobit