The Infosec Analyst will play a critical role in ensuring the security of our information systems and protecting sensitive data from potential threats and vulnerabilities. The Infosec Analyst will be responsible for monitoring, analyzing, and responding to security incidents, as well as implementing and maintaining security controls to mitigate risks and ensure compliance with industry standards and regulations.
Responsibilities
- Monitor and analyze security events and incidents using security information and event management (SIEM) tools to identify potential security threats and vulnerabilities.
- Investigate and respond to security incidents, including conducting root cause analysis, containment, eradication, and recovery activities to minimize impact and prevent recurrence.
- Implement and maintain security controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and data encryption solutions, to protect against unauthorized access, malware, and other cyber threats.
- Conduct vulnerability assessments and penetration tests to identify and remediate security vulnerabilities in our information systems, applications, and infrastructure.
- Develop and maintain security policies, procedures, and standards to establish best practices and ensure compliance with industry standards and regulations, such as PCI DSS, CPRA, and GDPR.
- Collaborate with cross-functional teams, including IT, operations, and compliance, to assess security risks, implement security controls, and respond to security incidents effectively.
- Stay informed about emerging threats, vulnerabilities, and security trends in the industry and recommend security enhancements or countermeasures to mitigate risks and improve security posture.
- Participate in security awareness training and education programs to promote a culture of security awareness and compliance among employees.
- Accountable for professional working behavior to include building and maintaining constructive working relationships, implementing proactive and concise communication, acting as a resource to colleagues, and engaging in collaborative thinking and problem solving while demonstrating V Shred’s core values.
- An employee may perform duties outside of their normal responsibilities as needed.
Education
- Bachelor's degree in Computer Science, Information Security, or related field.
- Relevant certifications, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CompTIA Security+, or GIAC certifications, are a plus.
Experience
- 5+ years of proven experience in information security, with a focus on security operations, incident response, and vulnerability management.
Knowledge, Skills and Abilities
- Strong technical skills in areas such as network security, endpoint security, intrusion detection/prevention, and security information and event management (SIEM).
- Experience with security assessment and testing tools, such as vulnerability scanners, penetration testing tools, and SIEM platforms.
- Knowledge of security standards, regulations, and best practices, such as PCI DSS, GDPR, and NIST.
- Excellent analytical and problem-solving skills, with the ability to analyze complex security incidents and recommend effective solutions.
- Ability to work in a fast-paced, deadline-driven environment while managing multiple projects simultaneously.
- Strong communication skills with a proven ability to communicate effectively to various audiences.
- Ability to use a personal computer and proficiency with Microsoft Office applications.
- Ability to read, write, speak, and understand the English language in a business environment.
Physical Requirements
- Keyboarding/Writing/Clicking/Working with fingers – >75% of the time
- Sitting – >75% of the time
- Standing/Walking – minimal
- Pushing/Pulling – Not Applicable
- Lifting/Carrying – Not Applicable
- Vision – Near/Far – Good near vision required for working on the computer
- Hearing – Position requires ability to hear oral information
- Talking – Position requires oral communication
Job Type: Full-time
Pay: $110,000.00 - $120,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Employee discount
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Referral program
- Vision insurance
Application Question(s):
- Please list any relevant security certifications.
- Have you worked at a direct-to-consumer company previously?
Experience:
- penetration testing: 3 years (Required)
Work Location: Remote