Job Description
Job Summary:
The primary purpose of this role is to support the implementation and ongoing delivery of information security tools and processes. This includes responsibility for executing and improving processes and procedures with occasional guidance from more senior level security associates.
This role solves moderately complex problems while completing both tactical and non-tactical activities in support of the successful delivery of assigned information security processes.
The individual in this role continues to grow his/her understanding across the various tools and processes supported by the team, including the key integration points with other parts of Technology. He/she receives occasional guidance and direction from more senior level associates on the team.
With a focus specifically on Security Threat & Vulnerability, this role supports the execution of processes focused on vulnerability identification or remediation. This includes information security and risk activities such as oversight of vulnerability assessments and remediation programs serving both internal and external stakeholders.
Qualifications
. Bachelor’s Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)
. 3- years of experience in information security
. Basic understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown logging and monitoring application security user access perimeter protection principles, network communication rules intrusion detection and analysis methods etc.)
. IT experience in the retail industry
. Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)
. Basic knowledge of Microsoft and Google cloud platforms, to include knowledge of all feature sets applicable to security event detection and monitoring (specific to Security Operations Center role)
. Basic understanding of incident response activities: detecting, analyzing, and responding to various types of malicious activity (specific to Security Operations Center role)
. Basic knowledge of Microsoft and Google cloud platforms, to include knowledge of all feature sets applicable to security event detection and monitoring (specific to Security Operations Center role)
. Previous experience working in a Security Operations Center (SOC) environment (specific to Security Operations Center role)
. Experience with malware analysis (specific to Security Operations Center role)
Security Threat & Vulnerability
. Basic knowledge of threat intelligence, threat hunting, attack surface management and investigations support functions (specific to Security Threat & Vulnerability role)
. General understanding of the output from cybersecurity scanning technologies to include operating systems, Custom Code, Web-based vulnerability analysis, 3rd party installed and hosted applications, cloud-hosted compute platforms, and microservices (specific to Security Threat & Vulnerability role)
. Experience with information security programs, audits, controls, assessments, risk assessments, or remediation management (specific to Security Governance, Risk & Compliance role)
. Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen) (specific to Security Governance, Risk & Compliance role)
. Experience conducting information security risk assessments of vendors and vendor software (specific to Security Governance, Risk & Compliance role)
Source link