ONLY ON W2
VISA: NO OPT, CPT AND H1-B
Remote Role
Virtual Interviews
Position : Principal IT Security Analyst IV
Location : St. Louis, MO
Duration : Full Time
This A4 is the highest-level analyst in our organization and will be the only A4 on the team. They will work on critical security incidents – will do high-level analytics and lead the team through the investigation to help them discover what’s happening. Will also be responsible for mentoring and developing our more junior-level analysts. Will set standards for their tickets and reporting. Will help continue developing processes, raising the level of technical efficiencies in our processes.
Also, this person will need to be able to communicate requirements through projects. They will represent ISO with high-level tech leaders throughout the rest of the organization to help deliver requirements. Must be able to translate highly technical lingo. Critical thinking skills will be so important. He needs a thinker and a doer.
Coming from a larger organization would be ideal, but if someone is in a smaller org they may have worn a lot of hats so that could be a fit. Need to be flexible to fit to the org’s needs.
Off-hours work would be rare. Wouldn’t be part of an on-call rotation. During critical events only.
Senior manager level technical equivalent. Need someone who is polished, collaborative, with deep cybersecurity knowledge (incident response, digital forensics, etc.).
Responsibilities:
- The Information Security Office’s (ISO) vision is to realize a culture of security that manages risks, defends against threats, and integrates information security into business and technology. The Global Cyber Security (GCS) Team supports this vision through the detection, analysis, and mitigation of cyber security threats facing Enterprise Mobility. The Monitoring, Forensics & Incident Response Teams under the GCS are responsible for detecting and eradicating threats to Enterprise Mobility in support of the business objectives.
- The GCS team has an immediate need for a highly experienced Security Analyst 4. In this role, you will operate as the highest-level analytical leader in GCS and will be responsible for assisting in the development of the strategy and influencing change across GCS, the ISO, and IT. You will utilize your critical thinking skills to solve problems, and develop advanced analytics and processes needed to optimize threat detection and response. You will work in a fast-paced environment, and be responsible for making recommendations on the maturity and enhancement of the team's set of security-related tools (e.g. WAF, SOAR, SIEM, UBA, IDS/IPS, anti-virus, firewalls, etc.), developing new team processes, engaging in projects to design and deliver new detection and response capabilities, and engaging with internal/external teams on security issues, including communication to high levels of leadership.
Key Responsibilities Include:
- Taking an active role in applying advanced methods to identify wide-range, large and complex cyber threats and driving innovative solutions to detect and protect against those threats (this includes collaboration with security architects and security engineers in the organization to design and implement those solutions)
- Collaborating with others in the ISO and IT to address security gaps, and understand the changes in GCS approach and strategy needed to support those efforts
- Researching and interpreting a wide range of complex security controls related to future concepts; collaborating across the company to influence design and development of solutions and communicating solutions necessary for the protection of all information processed, stored and transmitted by IT and the company
- Applying advanced cybersecurity and privacy principles (relevant to confidentiality, integrity, availability, authentication and non-repudiation) in multiple areas of IT and the company requirements; communicating and influencing new security policies, frameworks and regulations into operational processes; explaining difficult concepts to a variety of different audiences
- Leading and owning documentation company-wide; influencing change through technical guidance to create, apply and measure organizational policies and procedures to meet security objectives in accordance with laws, regulations, and internal policies
- Leading the influence and consultation for the implementation of the information security strategy and planning of projects for the department, IT and company
- Actively coaching, mentoring and teaching others; using influence, expertise and leadership to support other teams as they implement technology solutions (this also involves direct involvement of development plans for junior members of the team)
Qualifications Required:
- Must be presently authorized to work in the U.S. without a requirement for work authorization sponsorship by our company for this position now or in the future
- 8+ years of related experience
- Strong analytical and critical thinking skills to support and evolve an advanced cybersecurity team
- Advanced, in-depth knowledge of cybersecurity
- Strong analytical, problem solving, and critical thinking skills
- Proven success in collaborating with security architects and security engineers across an organization to influence design, development and implementation of solutions
- Experience influencing and communicating new security policies, frameworks and regulations into operational processes
- Proven technical leadership capabilities with the ability to establish and maintain solid working relationships across business and IT teams
- Experience mentoring and coaching less experienced security analysts
- Possesses initiative, results-oriented drive and a solid work ethic, requiring minimal direction
- Excellent communication skills, including strong listening skills, influence, and leadership presence
- Must be committed to incorporating security into all decisions and daily job responsibilities
Preferred:
- Bachelor's degree in Computer Science, Computer Information Systems, Management Information Systems, or related field preferred
- Knowledge of security frameworks such as NIST and MITRE ATT&CK
- Knowledge of cloud-based security standards and protocols
- Strong knowledge of the Microsoft security suite and productivity environment
- CISSP, CISM, GSEC or similar security certification preferred
- Cloud+, AWS practitioner, or similar cloud certification preferred