Security Analyst - Intermediate

Company: Finning International Inc.

Number of Openings: 1

Worker Type: Permanent

Position Overview: With a reporting line to the Security Operations Manager, the Intermediate Security Operations Analyst will be globally responsible for improving the security posture of all Finning regions regarding governance policy compliance, firewall policy management, vulnerability management, SIEM alert management, email hygiene, anti-virus management, and incident response.

The ideal candidate for this position is a proven thought leader, problem solver and integrator of people and processes, as well as an effective global internal consultant. The Intermediate Security Operations Analyst must possess solid domain competencies in a number of IT-security-related disciplines, including risk, business continuity management, privacy and compliance.

Job Description:

Major Job Functions:

• Governance policy compliance, including validating policy compliance, contributing towards team budget development and management, security awareness training

• Firewall policy management, including annual policy review, reviewing and approving planned and ad-hoc policy rules changes, reviewing and approving IPS policy rules and onboarding new firewalls

• Vulnerability management, including asset scans and mapping

• SIEM alert management, including identifying log parsing errors, advising on remediation activities, reviewing/action of alerts and collaborating on alert optimization-

• Email hygiene and anti-virus management, including investigating/responding to alerts, system monitoring and contributing towards continuous improvements and upgrades

• Incident response, including reviewing logs and collaborating to prevent/isolate traffic, solution development and threat analysis

• Providing insight into incident management, continuous improvement to procedures and policies

Benefits:

In addition to 25 days holiday, an annual bonus, a competitive salary, life insurance, and up to 7% pension, you will benefit from:

• Private medical insurance

• Enhanced maternity and paternity packages

• Family-friendly policies to support working parents

• Enhanced flexible working options

• Support from a team of 40+ Mental Health first-aiders

• Employee wellbeing solutions

• Electric car scheme (UK)

• The opportunity to work with your charity of choice

• Length of service or recognition awards.

Specific Skills:

• Awareness of Identity and access management (IAM) solutions

• P articipation in the configuration of endpoint protection technologies and techniques, Web application firewalls and intrusion prevention, and encryption methodologies

• K nowledge of access control methodologies (MAC, DAC, RBAC)

• Working experience with firewall monitoring, content filtering, IDS/IPS systems, SIEM tools and network scanners, and cyber security techniques

• E xperience working with a variety of firewalls, including trouble-shooting, log review and configuration

• E xperience with onboarding security requirements for new Projects

Knowledge:

• Basic knowledge of a broad range of standards and frameworks - for example, International Standards Organization (ISO) 27001, IT Infrastructure Library (ITIL), Payment Card Industry - Data Security Standard (PCI DSS), Bill-198, Personal Information Protection and Electronics Documents Act (PIPEDA)

• Knowledge of common risk management methodologies - for example, Control Objectives for Information and Related Technology (COBIT5)

• Understanding of strategic business risks

• Ability to develop a comprehensive understanding of Finning's business, market and industry and relate that knowledge to identified operations- and IT-related risks

• Knowledge necessary to propose relevant IT responses to changing business risks and regulatory changes

• Knowledge and use of User and entity behaviour analytics (UEBA)

• Experience with social engineering, penetration testing, vulnerability risk assessments, cloud computing

Education & Experience:

• Bachelor's degree in Computer Science or equivalent experience

• Obtained or working towards one of the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control, Certified Ethical Hacker, Global Information Assurance Certification (GIAC)

• Three to six years of experience in IT security management or a related discipline (for example, risk, privacy, business continuity management or compliance).

At Finning, we prioritize creating a diverse and inclusive environment. We are proud to be an equal opportunity employer, and we actively encourage all individuals to express themselves and achieve their full potential. As a company, we continuously strive to enhance our outreach to individuals of all backgrounds and identities. We do not discriminate against applicants based on gender identity, race, national and ethnic origin, religion, age, sexual orientation, marital and family status, and/or mental or physical disabilities. Furthermore, Finning is committed to collaborating with and providing reasonable accommodations /adjustments to individuals with disabilities. If you require an adjustment/accommodation at any point during the recruitment process, please inform your recruiter.