Information Security Analyst
The Information Security Analyst will be responsible for partnering with the Chief Information Security Officer in maturing the security strategy, working with infrastructure staff to implement technologies, and meeting internal and external compliance needs. The candidate would use the latest technology to detect, analyze and limit intrusions and security events. This position requires technical knowledge with hands on experience across a vast array of system, network and infrastructure devices, including cloud.
The successful candidate is expected to:
- Perform day to day monitoring of cybersecurity events, including reviewing, analyzing and interpreting reports from various systems to identify anomalies, trends, or threats.
- Analyze vulnerability and compliance scan results, and work with system owners to ensure vulnerabilities are remediated and system configurations meet hardening standards.
- Review and monitor system configurations to ensure that they are secure, role appropriate, and consistent throughout the organization.
- Integrate and work with the firm's Managed Security Services Provider (MSSP) to strengthen and enhance the relationship along with the downstream alerting.
- Collaborate with Business Solutions teams on a routine basis for purposes of reviewing and providing recommendations for information security such as security reporting, network design, change management and other projects as assigned.
- Perform regular updates of existing playbooks based on changes in the threat landscape or upon discovery of new threat tactics or procedures.
- Security event management including triage, correlation, and enrichment of individual events to either rule out as false positive, trigger standard detective and corrective responses, or escalating as a security incident.
- 5-7 years’ experience required.
- Knowledge of cyber security risk management concepts, cyber security frameworks, secures coding principles, and security technologies.
- Knowledge of desktop security and standards (common STIG, CIS, and third-party security baselines).
- Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
- General networking understanding and/or experience to include understanding of TCP/IP communications, knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
- Familiarity with YARA, OpenIOC, and/or STIX frameworks.
- Certifications through SANS, ISACA, ISC2, or EC-Council preferred, such as GSEC, CISSP, CISA, CISM, or CEH.
- Coding skills (Python, Perl, Bash and/or PowerShell) are preferred.
- Bachelor’s degree preferred.
FS Investments is a leading asset manager dedicated to helping individuals, financial professionals and institutions design better portfolios. The firm provides access to alternative sources of income and growth and focuses on setting industry standards for investor protection, education and transparency. FS Investments is headquartered in Philadelphia, PA, with offices in Orlando, FL, New York, NY, and Washington, DC. Visit www.fsinvestments.com to learn more.
FS Investments is an Equal Opportunity Employer.
- Pay Type Salary
- Philadelphia, Philadelphia, Pennsylvania, United States of America