Security Assurance Manager / Princ InfoSec Analyst
Symantec Corporation (NASDAQ: SYMC) is the global leader in cyber security. Operating one of the world’s largest cyber intelligence networks, we see more threats, and protect more customers from the next generation of attacks. We help companies, governments and individuals secure their most important data wherever it lives.
We make the world a safer place by helping people, businesses and governments protect and manage their information, so they can focus on achieving their goals.
The Security Assurance Manager/Principal Information Security Analyst is responsible for overseeing security assurance programs, reporting on compliance levels, identifying non-compliance issues and security vulnerabilities, and managing remediation activities. An important part of the role is leading the end-to-end process of vulnerability identification, investigation, remediation, verification and continuous process improvement, including automation. This mission-critical role acts as the central conductor for required technical and project-related activities across a matrixed organization. The mission of this position is to build and leverage a Security Assurance program (including vulnerability management) that will proactively reduce cyber risk to the organization. Additional responsibilities may be assigned as deemed necessary.
Primary responsibilities include, but are not limited to:
- Oversee the maintenance and continual improvement of vulnerability management infrastructure, initiatives, integration, processes, and technical assessment support.
- Be accountable for the patch and vulnerability management process as well as the performance of the matrixed team’s assigned tasks.
- Support compliance and audit inquiries relating to security assurance and vulnerability management.
- Classify and prioritize the risk of new vulnerabilities according to the specifics of our unique environment’s risk level, mitigating factors, and assessment of the impacts of internal and external threats.
- Maintain dashboards and collect metrics and reports on vulnerability findings and remediation compliance.
- Publish monthly program metrics with the aim to characterize and communicate security effectiveness to executives and stakeholders.
- Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to our environment and communicating applicable vulnerabilities and recommended remediation actions to the impacted teams.
- Work closely with both business-oriented executives and leads as well as technology-oriented personnel to ensure adequate processes are in place and actions are being taken to mitigate identified risks proactively.
- Provide technical support to system owners to propose mitigation and remediation solutions to identified issues.
- Assist with routine compliance and audit functions to ensure requirements are satisfied.
- Document, maintain and report on policies, processes and procedures.
- Provide input to the department’s leadership for enhancing the information security strategy.
- Assist departments across the organization in understanding and implementing security policy objectives in ways that are cost-effective and align with business objectives.
- Stay current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats to the organization by attending conferences, networking with peers and other education opportunities.
- Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner.
- Ability to collaborate and communicate effectively and respectfully with both business-oriented executives and technology-oriented personnel in teams across the organization.
- Ability to protect all forms of highly confidential and proprietary business information and ability to maintain the highest standards of privacy and security.
- Ability to follow and abide by all information and security policies and practices.
- Bachelor’s degree in Computer Science, Information Assurance, or a related degree or equivalent experience.
- MS or PhD in Computer Science a plus.
- A minimum of two (2) years of experience in a leadership role.
- A minimum of two (2) years working in a heavily regulated environment.
- A minimum of five (5) years of experience in an Information Security related role.
An in-depth understanding of:
- Vulnerability assessment tools (Nessus, Nexpose, Metasploit, Qualys, nmap, Burp Suite, Retina, etc.) as well as manual techniques.
- Windows, Mac, and Linux-based operating systems from both a user-endpoint and server perspective.
- Technical writing and documentation tools (Microsoft Office Suite, wiki collaboration platforms, ticket and bug tracking systems).
- Common and emerging attack vectors, penetration methods, countermeasures, and remediation methods and implications.
- Patching programs and systems of major hardware and software vendors.
- Strong systems and network background with an emphasis in secure configuration and hardening.
- Scripting experience preferred in one or more of the following languages: R, Python, Ruby, Perl, BASH, PowerShell.
- Knowledge of information security industry and regulatory obligations (PCI DSS, SOX404, SOC1/2, ISO 27000-series, NIST Framework, etc.).
- Industry Certifications preferred: GIAC, CISSP, CISM, CISA.
Relentlessly protect the world’s information. Make a difference at Symantec. Across the globe, we are an ‘essential’ partner to both consumers and businesses of all sizes. We combine our talents, our brains, and our creative energy to reinforce our place as a world-class technical community.
Our most critical asset at Symantec is the talent we hire - you! We look for people who have a desire to excel and reflect our values: Innovation, Action, Customer-Driven, and Trust. We recognize that every opening in our company is a chance to increase Symantec's competitive advantage, and we are willing to invest in you in order to win.
Symantec is an equal opportunity employer. All candidates for employment will be considered without regard to race, color, religion, sex, national origin, physical or mental disability, veteran status, or any other basis protected by applicable federal, state or local law.
Symantec will respond to requests for reasonable accommodations to assist you in applying for positions at Symantec, or to submit a resume. If you need to request an accommodation, please contact our HR Helpdesk at 1-800-497-2580 or by email at email@example.com.
EEO is the Law. Applicants and employees of Symantec Corporation are protected under Federal law from discrimination.
Encryption, Antivirus and Malware protection, eDiscovery, Identity Protection and Authentication, Information Protection, Cyber Security Services, Threat Protection
Company Type: Public Company
Company Size: 10,001+