The Security Analyst provides information security related support to projects thru the Systems Development Life-Cycle (SDLC), Threat and Vulnerability Management, Risk Management and Compliance, establishing trust relationships through active engagement and collaboration. This position is also responsible for validating security requirements adherence, evaluating security services and technologies, maintaining information security policies and procedures. The Security Analyst is also responsible for assisting in performing host and vulnerability assessment, managing change requests thru change management process, performing vendor risk assessments and ensuring Ross’ compliance with all applicable laws, rules and regulations.
- Develops test cases and procedures for validation of project related security requirements.
- Executes test cases and procedures to validatesecurity requirements have been met prior to the deployment of the new/enhanced capabilities to Ross’ environment.
- Assist in researching and evaluating various methods to secure systems, networks, databases, and business applications in support of the project deliverables, related services and other IT organizations.
- Maintains system, database, or network devices minimum security baselines and automated scripts use for host security certification process.
- Performs host security certification to ensure compliance with minimum security baselines.
- Assist in the execution of project related penetration testing and source code security review, where applicable.
- Contributes in identifying resolution to security related problems by using creative thinking and problem solving.
- Contributes to the development of technical reports, departmental metric reporting and/or security related presentations.
- Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy, so that Ross Stores is warned in advance and is ready to be fully compliant with these requirements.
- Analysis / Judgment
- Team Work
- Customer Service
- Drive for Results
- Interpersonal Effectiveness
- Technical Competence and Expertise
- Business Acumen
QUALIFICATIONS AND SPECIAL SKILLS REQUIRED:
- Minimum of 3years in Information TechnologySecurity.
- Demonstrated experience in information security for applications, web architectures, operating systems, databases, and networks.
- Working knowledge of UNIX and Windows.
- Ability to articulate security issues in terms of business risk.
- Ability to analyze and solve complex problems.
- Ability to work in a group setting and independently.
- Excellent attention and orientation toward meticulous work.
- Proficient in Microsoft Office Products.
- Familiarity with firewalls, VPN, PKI, IPS, wireless, IPT, virtualization security, Oracle and MS SQL preferred.
- Requirements: Consistent timeliness and regular attendance. Job requires ability to work in an office environment, primarily on a computer. The job also requires sitting, standing, walking, talking on the telephone, attending in-person meetings, typing, and working with paper/files, etc.
- Occasional Requirements: Job occasionally requires bending, kneeling, reaching, and lifting up to 10 pounds.
- May also require occasional driving and/or traveling overnight for business functions or site visits.
- Vision requirements: Ability to see information in print and/or electronically.