Position Purpose

Under general management and IT Governance, the Senior Information Security Analyst is responsible for assisting in the integration of IT systems development with security policies and information protection strategies. The Senior Information Security Analyst is responsible for leading the administration of RLI’s vulnerability management program, maintaining Sarbanes-Oxley and PCI DSS compliance programs. More information can also be found on the application link.

Principal Duties & Responsibilities

• Lead remediation efforts resulting from vulnerability management program.

• Work closely with Development teams on incorporating vulnerability management program and security best practices into SDLC.

• Develop, implement and lead remediation plans based on identified security events.

• Responsible for the identification of security issues and risks associated with security events and manage the incident response process.

• Perform network and system forensics in response to security incidents.

• Conduct risk assessments, penetration tests, and diagnose internet/extranet security, intrusion attempts, and cyber-crime response.

• Lead project tasks on select security projects including development of requirements, evaluation of competing products, selection and implementation of products.

• Assist in developing responses to internal & external audits, penetration tests and vulnerability assessments.

• Recommends and coordinates the application of fixes, patches, & recovery procedures in the event of a security breach.

Education & Experience

• Typically requires a Bachelor's degree in computer science, computer information systems, management information systems or a related field

• 4+  years of related experience

• [OR] equivalent level of education and experience

• CISSP is required, GIAC certifications is preferred

Knowledge, Skills, & Competencies

• Advanced knowledge of information security best practices, technologies and concepts: firewalls, intrusion detection, assessment tools, encryption, certificate authority, etc.

• Advanced experience with industry-standard security technologies and assessment tools.

• Demonstrable experience with designing and leading a vulnerability management program.

• Experience performing information security assessments, monitoring security systems and responding to incidents within complex environments with distributed systems.

• Experience with creating controls to comply with information security frameworks (e.g. NIST, COBIT and ISO2700).

• Experience complying with security and regulatory standards (HIPAA, SOX, PCI, etc.).

• Ability to use a wide range of security technologies including, but not limited to: SEIM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, content filtering technologies, vulnerability scanners to identify and remediate security events.

• Experience defending against vulnerabilities of cloud-based and distributed infrastructures.

• Advanced knowledge of emerging technologies and their impact on security architectures: service orientated architecture, enterprise frameworks, message based information exchange, etc.