Security Analyst II- Vulnerability Management
The TMNAS IT Security Analyst II is an operational and functional resource role within the Technology Security and Risk Management function within the TMNAS IT Department. The TMNAS IT Security Analyst II will enforce enterprise information security processes and solutions and will execute critical functions/services maintained by the Security Threat, Monitoring and Risk team including vulnerability management, security awareness and threat management programs. They will provide security expertise supporting organization risk reduction though daily security monitoring, threat hunting and incident response. The TMNAS IT Security Analyst II will be a significant contributor evaluating organizational security needs ensuring operational solutions are developed and implemented with supporting practices and procedures.
- Contributes to the development and maintenance of information security strategy and architecture.
- Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks.
- Perform review and analysis of security control tool sets to identify potential/emerging or active threats within the environment.
- Assists in the design and development of security software products for enterprise platforms ensuring integration into operational practices.
- Develop and support integration of security intelligence into various aspects of operational services.
- Monitors security logs and systems for violations and unusual events.
- Provide subject matter expertise in support and development of improved security policies and threat models.
- Complies with proper internal controls as necessary to conduct job functions and/or carry out responsibilities and/or administrative activities at the Company.
- Develop, compile and document security status reports and dashboards as needed.
- Establishes and builds strong working relations and partnerships with IT peers and Business Units.
- Performs special projects and other duties as may be assigned.
Degree / Licenses and Professional Certifications
- Bachelor's degree in engineering, computer science, or similar major preferred.
- CISSP, SSCP, Security+ or CEH certifications preferred
- 5 years relevant IT operation experience.
- 2-3 years in information security preferred.
- Experience with domain structures, user authentication, network security, web application security assessment and vulnerability management preferred.
- Demonstrated experience administering and/or monitoring any of the following security control and technology areas:
- SIEM - Required
- Vulnerability Assessments Scanning - Required
- Host Intrusion Detection/Prevention - Required
- Endpoint Detection and Response (EDR) - Preferred
- Web Application Security Scanning
- Entitlements Management and Classification/Labeling
- Email Security – Phishing, DMARC, Data Leakage etc.
- Forensics and E-Discovery
- Endpoint protection and DLP
- Knowledge of typical organizational politics and political tactics; ability to effectively navigate formal and informal communication and decision-making channels.
- Knowledge, insight, and understanding of business concepts and processes that are needed for making sound decisions in the context of the company's business; ability to apply this knowledge appropriately to diverse situations.
- Practiced knowledge of pragmatic and risk appropriate security controls
- Knowledge and understanding around web application development and associated risks and vulnerabilities (OWASP)
- Hands on knowledge of Windows/Linux OS and most common security control tools
- Strong writing and communication skills.
- Strong customer service orientation toward Business Units requiring consultation (responsive, consultative, collaborative and accurate).
- Able to work with a group to set its objectives and agenda, generate allegiance to those objectives, and guide and motivate achievement.
- Interpersonal relationship building skills; able to work with a variety of people and groups in a constructive and collaborative manner.
- Analytical ability with the capability to determine the root cause of problems and issues and provide solutions.
- Applies organizational acumen to identify and maintain focus on key success factors for the organization.
- Superior attention to detail.
- Ability to juggle multiple, competing, frequently changing time-sensitive deadlines and priorities
- Ability to work independently and without supervision.
- Ability to work and lead effectively as part of a team.
Tokio Marine Group of Companies (including, but not limited to the Philadelphia Insurance Companies, Tokio Marine America, Inc., TMNA Services, LLC, TM Claims Service, Inc. and First Insurance Company of Hawaii, Ltd.) is an Equal Opportunity Employer. In order to remain competitive we must attract, develop, motivate, and retain the most qualified employees regardless of age, color, race, religion, gender, disability, national or ethnic origin, family circumstances, life experiences, marital status, military status, sexual orientation and/or any other status protected by law.