Security Analyst

The Security Analyst is responsible for contributing to and implementing the company’s information security strategy and supporting the company’s business and technology strategies. This role is responsible for the security communications and help desk escalations, training campaign development and implementation, workflow design and management, and the administration of internal IT Security systems including the CIRP application, security dashboarding, security audit/monitoring, CISO/IT Security SharePoint presence, and file analysis systems.

What You'll Do:

• Act as primary Tier-1/Tier-2 Help Desk contact for security issues and
• Understand the technology landscape and identify vulnerabilities that may jeopardize the security, integrity, or reputation of the company, its applications, infrastructure, and data.
• Administer systems central to the IT Security mission such as file analysis, access and activity monitoring, and security training and evaluation.
• Document the current state, the desired future state, and any gaps related to the IT Security function.
• Develop and publish dashboards and metrics related to security
• Provide consultation, analysis, and guidance to improve the security plans for new projects.
• Participate in vendor risk assessments and technology evaluation as part of the Vendor Management Team.
• Participate in code reviews and code audits related to internal development
• Remain current on threats, and vulnerabilities related to security, information security, and privacy and make that information available and consumable by a broad range of business and IT stakeholders.
• Participate as a member of the Cyber Incident Response
• Participate as part of the Business Continuity

 This job is for you if:

• Demonstrated understanding of:
  • network fundamentals and design
  • system administration across multiple platforms
  • enterprise, role-based authorization tools, techniques, design, and best practices
  • intrusion detection and prevention, forensic IT
  • security methodologies, tools, and best practices
  • desktop, mobile, server, application, database, and network
  • security principles for risk identification, analysis, and mitigation
• Knowledge of:
  • server hardening
  • securing cloud and hybrid architectures
  • security baselining
  • secure configuration and change management
  • secure development practices
  • data loss prevention
  • log monitoring and SEIM principles and tools
• Ability to work with all levels of the business to implement and drive adoption of security procedures.
• Possess strong organizational, written and oral communication skills.
• The ability to effectively manage competing projects, goals, and problems is important.
• Effectively deal with work and time pressure in the efficient and effective accomplishment of job requirements.

Experience & Qualifications:

• Bachelor’s Degree in Computer Science or related field or suitable additional related experience.
• Possess one or more of the following certifications or be able to obtain within one year of hire:
• Certified Information Systems Security Professional (CISSP)
• SANS-GIAC certifications
• 7 or more years of IT experience
• 4 years of security/infrastructure protection and/or IT or information security audit experience.

Who We Are:

As one of the largest insurance brokerage and consulting firms in the US, Woodruff Sawyer protects the people and assets of more than 4,000 companies. We provide expert counsel and fierce advocacy to protect clients against their most critical risks in property & casualty, management liability, cyber liability, employee benefits, and personal wealth management. An active partner of Assurex Global and International Benefits Network, we provide expertise and customized solutions where clients need it, with headquarters in San Francisco, offices throughout the US, and global reach on six continents.

We are a privately held corporation, owned 100% by our employees. Our benefits include:

• Medical, Dental, and Vision coverage
• 401k with company match and profit sharing
• Ownership in the company through our Employee Stock Option Program (ESOP)
• Paid vacation, holidays, and sick days
• Life Insurance, Short-term and Long-Term Disability benefits
• Flexible Spending Account (FSA)
• Wellness programs and workplace flexibility benefits
• Professional development and reimbursement programs
• Added perks like discounted event tickets, pet insurance, financial coaching, identity theft protection, etc.

Woodruff Sawyer is an Equal Opportunity Employer.

Our Equal Employment Policy incorporates our commitment to maintain an environment free of discrimination and to comply with all federal, state and local laws providing equal employment opportunities.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

#LI-HYBRID #LI-REMOTE