Information Security Analyst

Overview

MAIN JOB RESPONSIBILITIES /

COMPETENCIES:

As an Information Security Analyst within STAAR Surgical’s Information Technology team, this individual plays a critical role working closely with the business and across the Information Technology organization defining, delivering and supporting information security solutions and supporting roadmaps. In summary this position: works on information security problems that are diverse and highly complex; selects methods and techniques for identifying and advocating effective security solutions;

develops approaches to address critical information security issues; and develops and administers schedules and performance requirements.

• Defines and implements information security strategies and procedures.
• Works with engineering teams to define and refine information security and systems management policies and settings.
• Monitors and assesses vendor and 3rd party information security reports/lists.
• Evaluates new and emerging products, technologies and makes recommendations to leadership concerning introduction of new technologies.
• Coordinates, administers, manages and monitors the use of access control systems security tools and intrusion detection systems to identify anomalous events and security infractions that exploit system vulnerabilities.
• Integrates information security controls into an environment to identify risks and reduce their impact.
• Provides analysis of potential risk to information security and recommends solutions.
• Creates and maintains information security documentation.
• Communicates information security procedures to users.
• Reviews and recommends changes to information security policies, including STAAR Surgical IT use policies, Data Sensitivity and Personal Identifiable Information Security Policies and procedures.

• Preferred:
  Undergraduate degree and 0-2 years relevant experience.
• Highly desirable:
  Security certifications such as GCIH, GSEC, Security+.

• Preferred: 4-6 years of relevant experience or equivalent combination of education and work experience.

• Applies research, information gathering and analytical skills.
• Selects appropriate alternatives from defined options.
• Collects required documentation; verifies conformance of documents with standards.
• Assesses accuracy of detailed information.
• Tracks, maintains and produces regular and ad hoc reports.
• Handles detailed, structured problems.
• Identifies roadblocks to task completion and effectively brings them to management for resolution.
• Generally uses existing procedures to resolve standard problems.
• Works on assignments where judgment is required a majority of the time.
• Knowledgeable in security best practices and defense in depth strategies for multiple platforms (i.e. Linux/Unix, Windows, Mac).
• Knowledgeable in common cybersecurity threats, attacks, and TTPs.
• Knowledgeable in intrusion detection and investigations.
• Knowledgeable in incident handling and reporting.
• Knowledgeable in analyzing host-based and network logs.
• Knowledgeable in firewall rules and configuration.
• Knowledgeable in public cloud computing platforms.
• Knowledgeable in standard cybersecurity frameworks and implementing security controls.
• Knowledgeable in privileged account management (PAM).
• Knowledgeable in vulnerability management.
• Knowledgeable in methods of data protection, types of encryption, and data loss prevention (DLP) solutions.
• Knowledgeable in identity and access management methodology.
• Knowledgeable in automation scripting languages (i.e. Power Shell, Python, Bash).
• Knowledgeable in security awareness training.
• Knowledgeable in endpoint protection solutions (EDR/XDR).
• Knowledgeable in multi-factor authentication (MFA) technologies.
• Knowledgeable in email security gateway solutions.
• Good understanding of networking technologies.
• Contributes to cost-benefit analysis to justify investment in security controls to mitigate risks.
• Knowledge of the Globally Accepted Information Security Principles.
• Must possess strong verbal and written communication skills and be able to adapt to the level and nature of their audience.

Pay range: $100K - $125K - Final compensation will depend on experience.

STAAR Surgical is an Equal Opportunity/Affirmative Action employer and all qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran or disability status, or any other characteristic protected by law.