IT Security Operations Analyst
Description & Requirements
About Us:
We're here for the hard-working businesses that keep the world turning. They're the companies who make, deliver, and sell the things we all need. They trust Epicor to help them do business better. Their industries are our industries, and we understand them better than anyone. By working hand-in-hand with our customers, we get to know their business almost as well as they do. Our innovative solution sets are carefully curated to fit their needs, and built to respond flexibly to their fast-changing reality. We accelerate every customer's ambitions, whether to grow and transform, or simply become more productive and effective. That's what makes us the essential partners for the world's most essential businesses.
About the Role:
The IT Security Operations Analyst is assigned to the Security Operations Team and is responsible for preventing, identifying and responding to security incidents which impact both Epicor corporate and customer environments. Analyze event data for patterns of malicious or unwanted activities in the enterprise. Maintain knowledge on the latest intelligence and attack methodologies to take corrective actions during security incidents. Works with management and other personnel, as needed, to identify security needs.
What You'll Do:
- Proactively protect the integrity, confidentiality, and availability of information stored & processed by and/or in the custody of Epicor Software.
- Monitor, analyze, and react to security alerts, incidents, vulnerability reports from multiple sources (event logging, vulnerability scans, security alerts)
- Review and triage vulnerability findings into manageable reports, provide relevant analysis, suggest mitigations, track remediation, manage scheduled scans, identify gaps and expand scan coverage, and escalate as appropriate.
- Assist Tier 1 and Tier 2 support groups with diagnosing and triaging potential information security incidents, troubleshoot issues related to security controls.
- Participate in the planning and execution of Incident Response activities.
- Help to educate IT staff and end users regarding information security best practices and organizational policy.
- Participate in the development and delivery of IT security standards, processes and playbooks.
- Keep abreast of emerging security threats, attack vectors, industry trends, technologies, products and services.
- Develop and document technical security standards to comply with policies and best practices.
- Conduct technical evaluations of IT systems for compliance with security policies, standards, and best practices.
- Support other department initiatives and deliverables as needed.
What You Need to Succeed:
- BS or BA degree (preferably in a technology related field) or any combination of equivalent education, experience, and formal training that allows the candidate to meet the requirements of the job.
- Security-related certifications strongly desired, but not required. (Security+, CEH, OSCP, GIAC GSEC, CISSP, etc)
- 4 or more years of information technology experience, at least 2 of them in a relevant information security and/or risk management field.
- In depth knowledge of the IT security industry & best practices. Broad knowledge of the IT industry.
- Strong organizational and teamwork skills.
Prior information security engineering experience in as many of the following areas as possible:
- Operating system and platform security (Microsoft Windows and Linux).
- Network security (LAN, WAN, MPLS, VPN).
- Storage Area Network (SAN) security
- Application & System security.
- Cloud, virtual and Software-Defined Network (SDN) security.
- Network, application and next-generation firewalls.
- Intrusion detection & prevention systems.
- Unified threat management systems.
- Digital Loss Prevention (DLP) systems.
- Secure Web Gateway systems.
- Wireless & mobile device security.
- Anti-virus and anti-malware/EDR systems.
- Log-monitoring and event management systems.
- Security scanning and vulnerability detection tools.
- Identity & access management systems.
- Directory services (Microsoft Active Directory, LDAP, etc.)
With almost five decades of industry experience, Epicor is the leader in Enterprise Resource Planning. Now is an exciting moment of transformation for our teams as we are well on our way to becoming the cloud vendor of choice. As we work to enable a world of better business through the power of collaboration, you will have all new opportunities for internal mobility, to develop and sharpen your skills, and to work interdepartmentally on a global level. Check out what some of our employees are saying about internal mobility at Epicor here.
FOLLOW US ON LINKEDIN - http://www.linkedin.com/company/epicor-software-corp
Epicor is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, gender identity, disability or veteran status.
Requisition Number: 2002158
#LI-DD1