Berkshire Hathaway Specialty Insurance (BHSI) has an exciting opportunity for a mid-level IT professional, to join their Boston team as an IT Security Analyst. In this newly created role, that offers an opportunity for significant growth potential, the IT Security Analyst will take an active role in the execution of our IT Security analytics and strategy, while collaborating closely with both internal and external partners.
Duties & Responsibilities:
- Works closely with our external Managed Security Solution providers to analyze security data and facilitate the BHSI response to security threats.
- Engage in assessing vulnerabilities and determining the root cause of security incidents.
- Participates in application technical reviews to ensure IT solutions have properly followed our security processes.
- Analyzes system outages, alerts, and reports of abnormal system behavior due to suspected security-related events such as viruses, Trojan activity, and hacker intrusions.
- Conducts risk assessments for identity and access management controls.
- Participates in external forums (e.g. FS-ISAC, Berkshire Security Council) to help BHSI leverage knowledge and ideas from other sources.
- Compiles and validates security-related statistical data for management reporting.
- Assists in the development, implementation, and evaluation of a departmental security-awareness training program and related materials.
- Assists in the development and implementation of Business Continuity Plans and Disaster Recovery Plans.
- Work with our global infrastructure team analyzing incidents and applying appropriate security fixes.
- Assists with maintaining a chain of custody of electronic and physical evidence related to an IT security incident.
Qualifications, Skills, and Experience:
The ideal candidate will have 5-10 years’ experience working in an IT Security Management function with proven competence in several of the critical IT Security topics listed below.
- Server and Workstation Security Management: Experience in server and workstation application security, e.g. e-mail, web, application, and database, security management comprised of implementing upgrades, patches, and updates to operating systems, software applications, and security protection software.
- Identity and Access Management: Experience assisting with defining, testing, and implementing IT user provisioning and identity management solutions. Includes developing IAM policies, standards, and procedures; identifying appropriate access control techniques; analyzing and selecting IAM solutions.
- Security Incident Response Management: Experience providing technical assistance in computer security incident response for potential or actual information-security breaches or attacks. Includes detecting, analyzing, responding to, and reporting information security incidents; and familiarity with the chain-of-custody process.
- Network Security Management: Experience in security elements of IT network planning, design, and analysis. Includes overseeing and assessing how we have implemented security tools and controls such as intrusion detection/prevention systems, sniffers, and firewalls.
- Risk Assessment Management: Experience performing IT security risk assessments. Includes assisting in developing and implementing business continuity and disaster recovery plans and in developing risk assessment reports of findings and recommendations for remediation.
- Policy and Compliance Management: Experience assisting with developing and implementing IT security policies and standards. Includes assisting in monitoring for compliance.
- Application Security management: Experience in supporting development teams in the use of code analysis tools and application security best practices.
- Security Awareness Training: Experience assisting in developing, implementing, and evaluating IT security awareness training programs and related materials. Includes assisting in reporting of training compliance.
NOTE: This job description is not intended to be all-inclusive. Team members may perform other related duties as negotiated to meet the ongoing needs of the organization.