|Design, implement and manage data, systems and information security architectures to protect the integrity, availability and confidentiality of electronic information owned, controlled or managed by the Company.
|WHAT YOU’LL DO:
- Provide level 1 triage support for alerts within a cloud security posture management (CSPM) platform
- The analysis of application and service stack misconfigurations as requested by Incident Response team leadership in the process of determining sensitive data leakage
- Conducting periodic reviews of cloud deployed application and service stack security controls based upon best practices documentation
- Provide Infrastructure as Code governance over policies implemented within tools in the CI/CD Pipeline
- Reviewing web application firewalls (WAFs) logs as it pertains to traffic flow optimization and rule definitions
- Cross functional team collaboration for determining the appropriate implementation of security controls using a risk-based approach
- Conducting risk assessments of security controls as they pertain to enterprise IT assets and related potential business impact
- Collaborate with team members on process definitions/improvements for documentation purposes.
- Identify, define, develop, implement and ensure the ethical administration of all security policies, processes and procedures; investigate possible security exceptions; maintain and document security controls.
- Process requests for login IDs, passwords, data accesses and e-mail /internet requests. Develop, review and approve security administration guidelines, processes, and procedures.
- Report violations (internal and external sources) to the Security CIRT (Computer Incident Response Team) and participate in CIRT activities such as investigating internal and external security incidents, excess individual access authorities, and distributed security responsibilities.
- Produce reporting for primary security tools such as authentication directories, firewalls, anti-virus and intrusion detection software.
- Participate in analyst duties related to security architecture and infrastructure to include supporting the design, analysis, programming and testing of security products and services; collecting and analyzing relevant data related to security trends and technologies; and supporting development of technical and non-technical security designs to satisfy business requirements.
- Participate with team members in upgrades to hardware and software across all platforms, completing assigned tasks for operating system and security software upgrades.
- Participate in projects where security needs are identified, reviewing project designs for conformance to security standards.
- Identify and evaluate security processes to enhance productivity and effectiveness, keeping abreast of industry trends, threats, risks and controls.
- Work closely with customer business environments in order to provide appropriate solutions and process improvements.
- Consult on company-wide projects where security needs are identified; review all project proposal and design documents for security inclusion.
- Identify and evaluate security products to enhance current productivity and effectiveness. Make recommendations to department management based on evaluation and assessment.
- Maintain strong professional relations with internal customer areas and outside vendors, keeping abreast of industry trends, threats, risks and controls.
- Responsible for complying with all Company Information Services policies and standards.
- Responsible for ensuring appropriate security and privacy measures are implemented on technology solutions to protect Company data from intentional or accidental misuse.
This job posting is reflective of the IS Security Analyst essential functions, qualifications, and physical requirements. The Sr IS Security Analyst level has variable essential functions, qualifications and physical requirements. Competency and skill set will determine level of placement within the posted job family.
- Proven experience in system design, research, analysis, testing and implementation
- Detailed knowledge in specialized security technical tools and techniques and their implementation and administration
- Working knowledge of project methodology, and policy development and implementation
- Understanding of government regulations such as security, privacy, audit reporting, etc.
- Provide security analysis and system administration to protect the integrity, availability and confidentiality of electronic information owned, controlled or managed by the Company.
- Education (or equivalent work experience) in Computer Science, Information Systems or Business Administration
- Strong communication skills, good customer relations and team player Experience with AWS CDK in a DevSecOps environment
- Ability to determine application and or service stack risk from analyzing associated security controls or lack thereof
- General knowledge of CI/CD Pipeline architecture and tools
- Experience using application security scanning tools within a CI/CD context
- Experience with AWS security tools and services
- Knowledge of the OWASP Top 10 vulnerabilities, manual exploitation for proof of concept purposes, and remediation
- Understanding of scripted/command languages such as PowerShell, python, typescript, ruby, bash, etc.
- Understanding of compiled languages such as Java, C#, etc.
- Experience using source code repository technologies for version control purposes
- You help promote a culture of diversity and inclusion within the department and the larger organization. You value different ideas and opinions. You listen courageously and remain curious in all that you do.
- You are able to work remotely and have access to high-speed internet.
- Experience with microservices, container, and data security best practices
- Experience automating routine work using for increased productivity
- Experience with log analysis for identifying and triaging security events and incidents
- CISSP (Certified Information Systems Security Professional), CCSK (Certificate of Cloud Security Knowledge), CCSP (Certified Cloud Security Professional), AWS Certified Security – Specialty Certifications
- Proven leadership, business judgment, negotiation skills and customer relations with ability to operate independently but within team, division, operation and corporate guidelines
|WHAT WE CAN OFFER YOU:
- A diverse workplace where associates feel a sense of belonging.
- An organization that feels like a small, close-knit community and has the strength of a Fortune 500 company.
- Tuition reimbursement, training and career development.
- Comprehensive benefits plan that includes medical, dental, vision, disability and life insurance.
- Flexible spending accounts for healthcare and childcare needs.
- 401(k) plan with a 2% company contribution and 6% company match.
- Competitive pay with an opportunity for incentives for all associates.
- Flexible work schedules with a healthy amount of paid time off.
- For more information regarding available benefits, please visit our Career Site.
- Salary range depending on experience: $105,000 – $130,000
- Pay commensurate with experience.
|MUTUAL OF OMAHA:
Mutual of Omaha serves more than 4.8 million individual product customers and 39,000 employer groups. Our legacy of stability creates an environment where every associate is encouraged to experiment, innovate and grow in their own unique career path.
From day one, you’ll have the tools to be your best self at work. Here you’ll do meaningful work and your talents will have a positive impact on peoples’ lives as we help our customers protect what they care about and achieve their financial goals.
Each associate is a unique contributor to creating a diverse, dynamic, thriving and inclusive workplace. We want you to become engaged … feel a sense of belonging … and contribute to the company’s exceptional future.
Join forces with a company that can AMPLIFY YOUR STRENGTHS AND EMPOWER YOUR CAREER.