Senior Information Security Analyst
ASCAPNew York, NY
Full Time Job
Senior Information Security Analyst (contract)
Reporting directly to the VP Information Technology, you'll be responsible for managing a range of security solutions and third party services that protect the enterprise systems and assets from internal/external threats. This includes on-prem data centers as well as infrastructure that has migrated to cloud service providers making up a multi-cloud footprint. You will be tasked with your own projects, some of which introduce entirely new tools and techniques for monitoring and detecting threats and anomalies in the application landscape across multiple environments. There will also be work where your knowledge of information security, application security, vulnerability management, penetration testing, threat modeling and other abilities needs to be applied to projects that the business has set for execution. Keep in mind that ASCAP is not in the business of implementing security features, but rather is in the business of implementing features securely.
• Conduct technical cyber investigations with hands-on approach
• Create and improve infosec documentation and procedures
• Be comfortable writing policies and standards and reviewing them annually
• Support our cloud migration activities and projects, extending controls and monitoring that meet the business, legal and technical requirements to safeguard data and access
• Work with our vendors and partners to help them maintain their security posture
• Deliver security awareness training for the organization relevant to their responsibilities
• Orchestrate an automated vulnerability management program that identifies, confirms, tickets and tracks remediation of platform exposures to exploits and risks
• Perform audits and analysis of network, endpoint, database, cloud services and privileged identity management logs and events
• Keep abreast of industry trends, new threats and malicious actors across platforms
• Qualys/Nessus scanning, Ansible playbooks, PGP/GPG keys, scripted PKI and Root Certificate Authority management, Sysinternals Suite, Burp Suite, OWASP Threat Modeling, nmap, wireshark, Kali Linux pentesting, python/perl/bash/go scripting
• 5 years of infosec analyst experience and incident response
• Experience with evangelizing DevSecOps tools and techniques
• Experience with AWS/Azure products and knowledge of how to secure them
• Familiar with core principles of TCP/IP networking, DNS, routing and load balancing
• Deep knowledge of several of the following areas:
• Mobile Device Management
• Anti-Virus/Endpoint Protection
• Vulnerability Management
• Penetration Testing
• Multi-Factor Authentication/SSO
• Digital forensics, hard drive imaging
• Passion for knowledge and command of technology (if you don't know three ways of abusing a tool you don't know how to use it)
• Ability to work independently as well as collaborate with others effectively
• Higher education desired, but not required
• Security certifications will be considered, but prefer qualified to certificated candidates
What We Love About You
• You love our users. You deeply understand our users and put them at the center of everything you do. You aim to serve and delight them every day.
• You do the right thing. You are respectful and act with the highest integrity. If you see something that isn't right, you say something.
• You debate it. You ask questions to understand a perspective and are comfortable respectfully challenging assumptions. You are not turned off by constructive conflict to get to the right answer.
• You own your outcomes. You set clear ambitious goals. You anticipate obstacles, persevere, and are accountable for your commitments.
• You make fast decisions. You are an effective and timely communicator. You understand how to collaborate, compromise, and escalate when needed.
• You get better every day. You welcome the gift of feedback. You never settle in your quest to grow and develop. By being here, you make our company stronger.
ASCAP is home to more than 700,000 music creator members across all genres - the greatest names in music, and thousands more in the early stages of their careers. We are the world leader in performance royalties, advocacy and service for music creators, and are the only PRO in the US run by its members including songwriters, composers and music publishers.
ASCAP technologists live our mission and we are passionate about what we do for our customers and we practice what we preach. Our technologists serve with humility and a deep respect for their responsibility in helping our business partners and members achieve their goals and realize their dreams. We have an infectious and lively culture and we recognize our successes monthly at our Thursday on-site social hour celebrations. We stand behind our mission and are committed to delivering the impossible.
As part of our Information Security team, you will provide the organization with a reliable, trusted and advanced security skillset to support the organization, your fellow staff, ASCAP's membership and licensees.