Senior Security Analyst

Darden Restaurants   •  

Orlando, FL

Industry: Hospitality & Recreation


5 - 7 years

Posted 42 days ago

Job Description

The Senior Security Analyst is responsible for providing administration and oversight of several security technologies. These responsibilities include configuration, deployment and management of various security hardware/software applications, monitoring and alerting to securitythreats, and facilitating the remediation of those threats. The security analyst provides services and support across a diverse range of business applications, while adhering strictly to compliance and operational risk controls in accordance with regulatory standards, and Darden's policies and practices. The position requires a high degree of technical proficiency and familiarity with software, system and networksecurity issues in large enterprise environments.

-Manage, maintain and monitor multiple security technologies, such as vulnerability scanning solutions, IDS/IPS, anti-virus technologies, DLP capabilities, SIEM technologies, host forensics and malware analysis, web application firewalls and proxy solutions.
-Assess security information, triaging and responding to security events, identify false positives, and conduct correlation analysis across numerous internal and external data sources while prioritizing information security incidents.
-Coordinates the handling and resolution of security incidents, to include system intrusions and abuse and acts as a primary point of contact.
-Participates in development and implementation of information security policies and procedures; develops security guidelines and safe practices for company-wide computing and networking systems.
-Reviews, updates, and enforces data security practices within the corporate and restaurant systems environments; tests for exposures to ensure adherence to guidelines and procedures, and works with platform experts to implement remedial measures as appropriate
-Coordinates and participates in special projects concerning information security, including testing and implementation of security technology enhancements.
-Develop and maintain standard operating procedures to reflect day-to-day security operations.
-Tests security controls and manages the associated remediation of any deficiencies as needed
-Research and evaluate emerging technologies in support of security technology enhancements
-Assists in developing responses to internal & external audits, penetration tests and vulnerability assessments.
-Performs other duties as assigned

-Minimum 5-7 years in the information security field
-Hands on experience with mitigating security controls (i.e., anti-virus, IPS/IDS, DLP, web and network proxies, URL content filtering, multi-factor authentication, SSL VPN's) and how they work in an overall defense in depth risk assessment methodology.
-Experience in incidence response required; (e.g. In-depth knowledge of Windows/Unix operating system forensics, event logging systems, authentication methods, remote and local web application security, penetration testing).
-Solid understanding of network, workstation, and server security configuration
-Experience supporting information security design concepts, including testing and implementation of security technology enhancements.
-Knowledge of regulatory compliance regulations (PCI, SOX, PII)
-Must be able to effectively interact with other teams across the organization
-Ability to manage multiple tasks along a parallel process

-Bachelor's degree in Computer Science, Information Technology, or a relevant field, or equivalent experience.

-Strong interpersonal and consultative skills
-Ability to effectively prioritize and execute tasks in a high pressure environment
-Excellent written & verbal communication skills
-Excellent technical documentation skills
-Excellent presentation skills
-Experience working in a team-oriented, collaborative environment
-Experience leading and supporting technical teams
-Strong work ethic
-Demonstrated initiative and ownership
-Demonstrated ability to effectively interact professionally with a diverse group of people at all levels of the organization.

-Minimum of one current technical certification (e.g., CISSP, CEH, GIAC, GSEC)