StamfordRecruiter Since 2001
the smart solution for Stamford jobs

Information Security Assurance Analyst Lead

Company: Crane Co.
Location: Stamford
Posted on: November 23, 2022

Job Description:

Position : Lead Global Information Security Assurance Analyst Date: June, 2022



Location: US Required, Remote Department: Global Information Security (GIS)



Reports To : Manager , Global Information Security



Do you have a passion for leading, developing and growing others? Do you enjoy the challenges of doing effective vulnerability management at scale? Do you enjoy testing, breaking, validating security solutions, configurations and tooling? Have you always wanted to make a real impact on securing an organization and seeing your efforts result in effective delivery of security operations at scale? We have an exciting opportunity leading in our Security Assurance Program.



We are looking for Information Security Assurance Analyst professionals like you to join our Team. The ideal candidate will have a solid proficiency in penetration testing methodologies and platforms, scripting and programming used for security testing, and have had broad exposure to application and systems testing and vulnerability assessments programs. You know how to be an effective purple-teamer, and have worked to improve defensive capabilities, detections and processes with great success.



In this role, the successful candidate will work closely with other Global Information Security team members, both in operations and in incident response to test our defenses, assist with planning exercises, and guide the overall approach to mitigating risk and closing security gaps.



Core Function:



You will be providing key contextual value to the business through identifying risks and threats in a diverse and interesting technology ecosystem. You will have exposure to best-of-breed security solutions and work closely within the broader Global Information Security team. You will help bring context and criticality to drive action to shore up defenses and help define future vision for providing holistic security to a global organization.



You will maintain, improve and deploy solutions supporting the assurance function, and partner with our SOC and incident responders to "up everyone's game", from detective controls, to process enhancements. You will work closely with our vendors to drive the best outcomes and help ensure our needs our met.



You will help to prioritize the work of others on the assurance team and mentor those individuals, teaching and developing them into top-notch assurance analysts.



In this role, you will help define what secure looks like for a global organization. Providing a critical feedback loop into security strategy and vision, you are helping to shape the future of technology, securely.



Responsibilities and Duties:



* Lead and advance all aspects of the Security Assurance function.

* Perform network and security reviews on various enterprise systems and applications and work with security and technology teams to ensure effective controls over security of data in various systems.

* Evaluate the security posture of systems and security processes to uncover vulnerabilities and potential exploitation vectors.

* Scope, lead, and participate and support sustaining vulnerability assessment processes.

* Ensure vulnerability operations and the timely escalation and remediation of emerging threats.

* Document and facilitate simulations and tabletop exercises for current and emerging threats.

* Support external penetration tests and other compliance initiatives.

* Exploit suspected software and hardware vulnerabilities and networks supporting internal testing.

* Plan and develop penetration methods, scripts and tests.

* Define testing scenarios and run tests in coordination with SOC and IR team members.

* Decipher and implement common attack frameworks like Mitre into a program of continuous improvement.

* Create reports and remediation recommendation from findings.

* Presenting findings and risks to both technical and non-technical audiences .

* Provide business and data Intelligence supporting threat analysis.

* Work closely with business and technology managers to fix processes/procedures to protect systems.

* Engage with vendors and 3rd parties in the development and execution of security testing.

* Effectively participate in data governance and risk compliance plans .

* Raise incidents involving the potential for data loss or threats operations or other important business areas.

* Develop and maintain reporting and metrics to support program objectives.



Qualifications and Competencies:



* Proven results performing enterprise penetration testing & application security testing.

* Demonstratable proficiencies performing security assessments using common open-source solutions.

* Adept in using PowerShell, Perl, Ruby and other similar languages to support penetration testing activities.

* Strong experience in navigating vulnerability management, both from and risk and a compliance perspective.

* Vulnerability operations, including scoping, integrating, scheduling and delivering remediation guidance.

* Foundational level of knowledge and experience with administering enterprise-level Information Technology systems



including networks, virtualization, cloud, operating systems, email, storage, databases, etc.



* Ability to work both independently and as part of a small, distributed team.

* Flexibility to work outside regularly scheduled/normal business hours as required.

* Commitment to security training and earning corresponding certifications.

* Disciplined, highly motivated and self-directed, with a focus on outcomes.

* Excellent verbal and written communication skills .

* Passion for solving complex problems.

* Ability to prioritize, schedule and track to deadlines.

* Required: At least 5 years relevant professional experience.

* Desired: Degree in a related field.

* Desired: Technical professional security certification such as GEVA, GPEN, GXPN, GPYC, GDAT or similar

* Crane Co. is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, or national origin or any other characteristic protected under applicable federal, state, or local law.



#LI-GC1



#LI-REMOTE

Keywords: Crane Co., Stamford , Information Security Assurance Analyst Lead, Professions , Stamford, Connecticut

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Log In or Create An Account

Get the latest Connecticut jobs by following @recnetCT on Twitter!

Stamford RSS job feeds