Information Security Analyst II

NMI Holdings Inc Emeryville, CA
job summary

The Information Security Analyst II monitors and responds to multiple security systems, dashboards, mailboxes and alerts. The Analyst utilizes experience and judgment to determine when a security event rises to the level of an incident and escalate as necessary to senior staff. The Analysts works with other Information Security Analysts to learn company-specific tools (QRadar, Ensilo, Sophos, Umbrella, Barracuda web and email filters, Security Center, Tripwire, etc.). The Analyst performs daily monitoring and analysis of information collected from the company's information security systems and tools in order to preserve the confidentiality, integrity, and availability of information resources and assets. The Analyst seeks out weaknesses within the company's infrastructure and processes by analyzing data and recommending solutions to remove, reduce, or mitigate risk.

ESSENTIAL job duties & responsibilities

* Monitor and respond to multiple security systems, dashboards, mailboxes and alerts. Utilize experience and judgement to determine when a security event rises to the level of an incident and escalate as necessary to senior staff.

* Administer anti-virus and other security systems as necessary.

* Develop and manage DLP based File Categorization tool.

* Configure and monitor Web Filtering systems (Cisco Umbrella and Barracuda systems).

* Develop technical solutions to automate repeatable tasks.

* Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.

* Coordinate and execute IT security projects.

* Collaborate with other areas of IT to manage security vulnerabilities.

* Ensure that procedural guides (run books) are accurate and updated as needed.

* Manage SIEM (QRadar) by maintaining the logs and various input streams being sent to QRadar.

* Coordination with IBM to resolve technical issues, attend planning meetings with the Director of information Security and partners at IBM.

* Mentor other Security Analysts in configuring new log sources, creation of DSMs and integration of security systems into QRadar to support cross-training and time off coverage, includes vulnerability scan integration and information streams from IBM sources and other feeds from systems like WildFire, FirePower etc.

* Creation of custom dashboards for operational teams in Security and IT Operations and Senior Management in IS and IT.

* Conduct research to keep abreast of latest security issues.

* Work with internal and external auditors to gather evidence and respond to questions.

* Perform ad hoc responsibilities, as needed.

ESSENTIAL Competencies

* Bachelor's degree in Computer Science, related IT field, or equivalent work experience.

* Industry certification related to this position is required (CISSP, GIAC, SANS, etc.).

* 8-10 or more years of experience working within a diverse IT environment with 3-5 of those years focusing on security is preferred.

* Solid understanding of networking concepts and system administration.

* Knowledge of data compliance and privacy standards and regulations as they apply to insurance and banking industries.

* Solid understanding of Information Security Standards (ISO 27001, NIST, etc.) and SOX controls.

* Self-motivated, self-directed and shows attention to detail while working.

* Ability to effectively prioritize and execute reporting tasks in a fast-paced, results-driven environment.

* Extensive experience working in a team-oriented, collaborative environment with a diverse team of business and IT staff.

* Familiar with mortgage concepts, practices, and procedures.

* Experience in the area of insurance processes and document management.

* Ability to communicate effectively at all levels.

* Verbal and communication skills, including, written as well as the ability to produce presentations, and to make public presentations.

* Relies on extensive experience and judgment to plan and accomplish goals.

* Works ethically, and with integrity, supporting organizational goals and values.

* Meets productivity standards and achieves key outcomes.

* Contributes to building a positive team spirit and treats others with respect.

* Maintains confidentiality of information and uses information appropriately.

* Exhibits sound judgment when making decisions and recommendations.

* Analyzes and interprets information accurately.