Job Description
KLDiscovery, a leading global provider of electronic discovery, information governance and data recovery services, is currently seeking an experienced Information Security Analyst.
The Information Security Analyst works with a team of cyber security engineers to achieve positive outcomes around the NIST (National Institute of Standards and Technology) core cyber security functions of identify, protect, detect, respond, and recover. Works both independently and collaboratively with project managers/task leads and network, system, and integration engineers to capture and refine information security requirements and ensure that the requirements are integrated into information technology component products and information systems through purposeful security architecting, design, development, and configuration.
Remote, work from home opportunity.
Responsibilities
- High Level:
  - Protect and Defend - Identify, analyze, and mitigate threats to internal information technology systems and/or networks.
  - Analyze - Perform highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
  - Collect and Operate - Provide specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
  - Investigate - Investigate cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence.
- The Information Security Analyst is accountable for procedures and processes that ensure the integrity, confidentiality and availability of assigned business units' information, applications and infrastructure.
- The Information Security Analyst will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities.
- The Information Security Analyst is responsible, with the help of senior staff, for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as they pertain to assigned business units.
- Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to:
  - IPS/IDS alerts; change detection (FIM) alerts
  - Application firewall alerts; malware alerts
  - Security system health alerts; exploit attempt alerts
- Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to:
  - Audits of system security to ensure compliance with Corporate security framework ISO 27001, NIST 800-53, and PCI
  - Emerging US state and Federal and International privacy laws
- Participate in a vulnerability management program that includes:
  - External & internal vulnerability & penetration tests of applications and systems
  - Documentation and remediation of identified vulnerabilities and exploits
  - Routinely monitoring for security vulnerabilities and security patches
  - Taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments
  - Making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities
- Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement
- Acts as the initial point of contact to facilitate the handling of security incidents and requests, conducts technical investigations resulting in successful root cause analysis of intrusions, and makes real-time decisions about incidents as they occur
- Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units
Qualifications
- Microsoft Intune
- Microsoft Defender Suite
- Qualys Attack Surface Management
- Skyhigh Secure Web Gateway
- Trellix ePolicy Orchestrator (ePO)
- SolarWinds
- Azure
- Microsoft Exchange
- Palo Alto Panorama
- ManageEngine AD Audit
- Varonis (preferred)
- Clarity Identity Lifecycle Manager (preferred)
- Microsoft Sentinel (preferred)
- Strong analytical and problem-solving skills with excellent attention to detail.
- Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc. (preferred).
- Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures
- Familiarity with security technologies, devices, and countermeasures, as well as the threats they are designed to counter.
- Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences preferred.
- Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP, or other common security control frameworks) preferred.
- Communication skills (interpersonal, verbal, presentation, written, email). Experience writing report segments and participating in presentations.
- Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally
- Excellent written, verbal and client-facing communication skills.
- Strong personal and time management skills.
- Outstanding customer service skills.
- Industry certifications desirable - CompTIA Security+, (ISC)² SSCP Systems Security Certified Practitioner, GIAC Security Essentials (GSEC), etc.
Why You Will Love Working for KLD
At KLD we invest in employees and their families by placing their wellbeing first. We offer competitive total compensation that includes base pay, bonus opportunity, inclusive benefits, wellness programs, and perks. We use market and industry data to inform pay decisions while considering geography and labor markets, individual experience, and business needs. India compensation is based upon the local competitive market.
India
- Paid time off, that offers various time off options to help employees maintain a work-life balance, such as Casual, Earned, Sick, Special Leave, and Holidays!
- Ongoing learning and development, a focus on continuous professional development through various training and education reimbursement programs.
- A diverse and inclusive workplace where we all learn, grow, and achieve the greatest heights together.
- A surrounding team of mission-driven individuals who genuinely love what they do.
- Free, fun, interactive and incentivized global wellness program that promotes the wellbeing of our employees.
Our Cultural Values
Entrepreneurs At Heart, We Are a Customer First Team Sharing One Goal And One Vision. We Seek Team Members Who Are:
- Humble - No one is above another; we all work together to meet our clients' needs and we acknowledge our own weaknesses
- Hungry - We all are driven internally to be successful and to continually expand our contribution and impact
- Smart - We use emotional intelligence when working with one another and with clients
Our culture shapes our actions, our products, and the relationships we forge with our customers.
Who We Are
KLDiscovery provides technology-enabled services and software to help law firms, corporations, government agencies and consumers solve complex data challenges. The company, with offices in 26 locations across 17 countries, is a global leader in delivering best-in-class eDiscovery, information governance and data recovery solutions to support the litigation, regulatory compliance, internal investigation and data recovery and management needs of our clients.
Serving clients for over 30 years, KLDiscovery offers data collection and forensic investigation, early case assessment, electronic discovery and data processing, application software and data hosting for web-based document reviews, and managed document review services. In addition, through its global Ontrack Data Recovery business, KLDiscovery delivers world-class data recovery, email extraction and restoration, data destruction and tape management.
KLDiscovery has been recognized as one of the fastest growing companies in North America by both Inc. Magazine (Inc. 5000) and Deloitte (Deloitte's Technology Fast 500) and CEO Chris Weiler has been honored as a past Ernst & Young Entrepreneur of the Year. Additionally, KLDiscovery is an Orange-level Relativity Best in Service Partner, a Relativity Premium Hosting Partner and maintains ISO/IEC 27001 Certified data centers.
KLDiscovery is an Equal Opportunity Employer.