Oracle IT Security Analyst 4 in Cambridge, Massachusetts
Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs.
Researches attempted efforts to compromise security protocols. Maintains security systems for routers and switches. Administers security policies to control access to systems. Maintains the company s firewall. Uses applicable encryption methods. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.
Leading contributor individually and as a team member, providing direction and mentoring to others. Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Prefer 8 years relevant experience and BA/BS degree.
Your primary responsibility is to safeguard Aconex internal and customer data, computer networks, systems, applications and staff members by:
Planning and carrying out security measures to monitor and protect sensitive data, systems, and network devices from infiltration and cyber-attacks
Aiding in the design of system, application and network architecture that protect company s assets
Work with other security specialists to help mitigate damages during attacks
You will also be responsible for identifying any issues that could pose future vulnerabilities, and work with managers to help change the architecture. You should have a deep understanding of various hardware and software vulnerabilities, and other tactics used to gain access to sensitive data (e.g. phishing, social engineering, etc.).
Implement Protections Select, install, and use security related products, including firewalls, data encryption technologies, SIEM, IDS, FIM, HIDS, DAM, FAM, MDM, DLP, etc. to protect organizations sensitive data.
Uncover Vulnerabilities Conduct periodic scans of networks (both internal and external) and Aconex web applications, to find vulnerabilities. This includes managing 3rd party penetration testing for compliance requirements and to highlight weaknesses that might be exploited by a malicious party.
_Monitor, Monitor, Monitor _- Constantly monitor organization s networks and systems for security breaches and/or intrusions. Select, install and manage services that helps notify the SOC team of intrusions and irregular system behaviour.
Security Breaches - Develop strategies to respond to and recover from a security breach, including educating the workforce on information security. Lead incident response activities for the North America region in order to minimize a breach impact, including alerting the Incident Response Team once a breach has been verified.
Forensic Investigation - Lead technical forensic investigations to determine how a breach happened and the extent of the damage, including managing 3rd party forensics consultants, notifying the proper authorities and regularity bodies, and preparing final reports for management, customers and end users.
_Improve Information Security Strategy _Improve, plan and carry out organization s information security strategy, including developing standards, best practices, and security enhancements recommendations.
Deliver sound know-how and know-what for information security and business continuity projects
Design, develop and maintain information security documentation
Collaboration with regional business units to ensure practical plans are in place
Manage and monitor progress of remediation activities and related action items
Support, facilitate and engage with auditors and business teams during audits
Conduct risk assessments on assets, projects and processes
A level of pre-sales involvement and customer care will be part of the role
Required Skills & Experience:
Prior role as an Information Security Engineer or Security Analysis for a SaaS, cloud provider, or online entity
Experience in building and managing secure and compliant systems
Detailed technical knowledge of operating system security
Hands on experience with security systems, including firewalls, IDS, HIDS, endpoint protection, authentication systems, SIEM, and encryption technologies
Experience with network, system, application and security monitoring tools
Thorough understanding of the latest security principles, techniques, and protocols
Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures)
Direct experience with at least one of the following standards, ISO 27001, SSAE 16 SOC 2, NIST 800-53, PCI, HIPPA CSA or COBIT
Desired Skills and Experience:
Understanding of the NIST 800-53 controls and/or FedRAMP
Department of Defence Security Requirements Guide (SRG)
Working knowledge of corporate Information Security
Experience as a system administrator supporting multiple platforms and applications
Experience working in agile software development environments
A strong multi-tasker with a keen eye for detail
Organized and thrive in fast-paced, high-stress scenarios
Ability to communicate security issues to peers, management, customers, and end-users
Fundamental understanding of the OWASP (Open Web Application Security Project) top 10
Experience with Risk Management frameworks and risk assessment tools
Excellent problem solving skills and ability to work under pressure
Oracle Aconex is a Global Business Unit of Oracle. Together, Oracle and Aconex provides an end-to-end offering for project management and deliverythat enables customers to effectively plan, build, and operate construction projects.
Job: *Information Technology
Title: IT Security Analyst 4
Location: United States
Requisition ID: 180014M9
Other Locations: US-CO,Colorado-Denver