IT Security Analyst III
Country : USA
State : Massachusetts
County : Middlesex County
Town : Marlborough
Category : Logistics
Contract type : Permanent
Availability : Full time
We are looking for an IT Security Analyst III to join our Vulnerability Management Program!
In this role, you will perform basic risk assessments and security reviews to ensure compliance with internal policies, standards and regulatory requirements. This will include performing root cause analysis, investigating and resolving security incidents, identifying security risks and exposures, determining causes of security violations, and designing, recommending and tracking procedures to mitigate future incidents.
You will also proactively determine if an event needs to be raised to management, recommend a course of action for low to medium complexity situations and provide input and recommendations to management to change current procedures.
You will work with IT partners to provide technical and process expertise across a broad range of vulnerability management work efforts.
A successful candidate will demonstrate an ability to work independently and in an organized manner. They will communicate very effectively and manage their workload independently. They will demonstrate strong technical ability and experience, as well as the ability to work calmly under pressure. They must act with integrity, take pride in their work, seek to excel, be curious and adaptable.
This is a US-based global role with some negotiable travel requirement.
Additional Responsibilities Include:
- Using vulnerability scanning tools, application security testing solutions and network assessment utilities to identify security vulnerabilities.
- Performing vulnerability scans and developing applicable vulnerability reports for House systems.
- Analyzing scan results and engaging with stakeholders to resolve identified vulnerabilities; documenting exceptions and false positives.
- Communicating appropriate vendor and scan system recommended solutions as part of comprehensive remediation solutions.
- Following up with owners to ensure remediation efforts are consistent with policy and raising instances of noncompliance.
- Tracking progress of vulnerability remediation with responsible partners and support teams.
- Performing deep-dive analysis of vulnerabilities leveraging data from various sources; analyzing data sources and providing recommendations for optimal reports.
- Reviewing and prioritizing the severity of vulnerabilities using CVSS and custom risk models.
- Assisting in maintaining asset, configuration management and vulnerability databases. Working with Cybersecurity staff to solve performance and connectivity issues with network scanning and security assessment tools.
- Experience operating vulnerability and compliance scanning tools such as Rapid7 Nexpose, Tenable Nessus, Veracode, etc.
- Support Business Intelligence (BI) and reporting efforts through building tailored analytics solutions, managing dashboards, reporting to stakeholders.
- Excellent aptitude for IT Risk & Compliance concepts and methodologies and an understanding of applied security concepts and standard methodologies.
- Must have the ability to identify and assess the severity and potential impact of risks and communicate findings to risk owners in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
- Decision-making capabilities, with a moderate ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Able to apply current threats to the TJX business model.
- Familiar with IT policies, laws, standards and frameworks applicable to the specific technical role e.g. ISO27000, COSO, NIST-800, PCI-DSS, etc.
- Able to assist in the development of risk and compliance management processes and workflows.
- Basic knowledge of IT risk and compliance, security architecture design, network security, cloud/mobile security, data security and internal/external threat intelligence/analysis.
- Internal Audit experience is a plus.
- Strong verbal and non-verbal communication skills; able to communicate/present technical security details to a wide range of audiences.
- Solid working knowledge of MS Office.
- May provide guidance and training to more junior associates.
- May provide budgetary recommendations for future projects/security tools/applications.
- Bachelor's Degree in Computer Science, MIS, Information Security or related field, or equivalent experience. Up to date professional qualifications such as CISM, CRISC, CISA, or CISSP certifications preferred.
We care about our culture, but we also prioritize the tangible stuff - competitive pay, great benefits, and a great group of people.
We consider all applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, gender identity and expression, marital or military status. We also provide reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law.
Nearest Major Market: Boston