Who we are:
Newfold Digital is a leading web technology company serving millions of customers globally. Our customers know us through our robust portfolio of brands. We have some of the industry's most prominent and storied go-to-market brands, including Bluehost, HostGator, Domain.com, Network Solutions, Register.com and Web.com. We help customers of all sizes build a digital presence that delivers results. With our extensive product offerings and personalized support, we take pride in collaborating with our customers to serve their online presence needs. The strength of our company lives in the intersection of our people, our customers, and our brands.
About the role:
Information Security Analyst is responsible for the day-to-day monitoring of systems and networks for security issues, installing security software, documenting security issues or breaches and performing security testing for company systems. The Information Security Analyst may perform risk assessments, support business continuity, review system configuration and compliance with security requirements, perform incident logging and reporting, security operations, and end user security administration and system access.
What you’ll do & how you’ll make your mark :
Identifies and ensures mitigation of information security risks within the organization
Evaluates projects to ensure proper security requirements and actively with corporate-wide information security project planning and documentation of divisional and corporate projects
Assists with internal and external IT audits. Support processes for identification, collection and review of relevant data and assist with defining control recommendations that are both efficient and effective.
Reviews requests for adherence to security policies, assuring requests are executed correctly
Identifies security incidents and responds to ensure risk is contained
Maintains integrity of security controls based on toolsets as well as support their updates and use
Develops and analyzes security reports and reports security incidents to compliance staff and department leadership
Monitors audit system to find security violations, vulnerabilities, and abnormalities
Develops and maintains security control framework, which includes security policies, standards, practices, and guidelines
Who you are & what you’ll need to succeed:
Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security)
Must be well versed in operating systems such as Linux as well as Windows environments, Active Directory, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks, Threat and vulnerability management
Experience with vulnerability scanners, vulnerability management systems, patch management and host-based security systems
Knowledge of networking and the common network protocols
Demonstrated ability to create scripts to automate processes in PowerShell, Python or Bash
Demonstrated ability to perform static and dynamic malware analysis
Demonstrated ability to analyze large data sets and identify anomalies
Demonstrated ability to quickly create and deploy countermeasures under pressure
Familiarity with common infrastructure systems that can be used as enforcement points
Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals
Project Management skill is a plus
Experience working with cloud technologies (AWS, Azure, SaaS, etc.) is highly desired with a focus on Oracle’s OCI being most desirable
Ability to take internal vulnerability, threat intelligence and other sources of data and report on it, at scale for large scale tracking and remediation
Intermediate professional role
Moderate skills with high level of proficiency. Works under general supervision with increased latitude for independent judgment.
Identifies non-routine issues and routes/escalates to appropriate team member.
Works on multiple concurrent projects of medium complexity. Is an active team member, contributes to complex projects to gain experience, shares ideas and suggests process improvements appropriate for level of experience.
Consults with senior peers on semi-complex processes to learn through experience.
Typically requires a minimum of 3 - 5 years of experience in security-related fields or related disciplines.
A degree in Information Technology, Computer Science or related field is highly desirable. Certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), CompTIA Security+ is highly desired.
This Job Description includes the essential job functions required to perform the job described above, as well as additional duties and responsibilities. This Job Description is not an exhaustive list of all functions that the employee performing this job may be required to perform. The Company reserves the right to revise the Job Description at any time, and to require the employee to perform functions in addition to those listed above.