Xerox Analyst I, IM Security, Triage Analyst in Haryana, India
Purpose: • The implementation of organization-wide processes and procedures for the management of information security alerts. • The resolution of incidents and problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies. • This role will specialize on a specific technology and/or risk management discipline. Examples of specialization areas can be any technology, technique, method, product or application area as they pertain to the disciplines of information security, privacy, disaster recovery, and regulatory compliance.
Scope: • Autonomy: Works under general supervision. Uses discretion in identifying and resolving complex problems and assignments. Specific instruction is usually given and work is reviewed at frequent milestones. Determines when problems should be escalated to a higher level. • Influence: Interacts with department/project team members. Frequent external contact with other internal organizations. Decisions may impact work assigned to individual/phases of project. • Complexity: Specialized range of work, of relatively less complexity and standard, in variety of environments.
Primary Responsibilities: • Performs initial triage and investigation of information security alerts. Assigns those alerts to appropriate team for remediation. Refers to domain experts for guidance on specialized areas of risk, such as architecture and environment. Coordinates the development of countermeasures and contingency plans. • Investigates suspected attacks and recommends remedial action or escalation. • Monitors actions to investigate and resolve incidents and problems in systems and services. • Assists with the implementation of agreed remedies and preventative measures. • Tracks and reports on information security alerts. i.e. volume of alerts, remediation effort, time to close. • Maintains knowledge of specific technical specialisms, provides detailed advice regarding their application, executes specialized tasks. The specialism can be any area of information or communication technology, technique, method, product or application area.
• Specific Tasks: ◦ Refers to domain experts for guidance on specialized areas of risk, such as compliance, architecture, finance and environment. ◦ Co-ordinates response to information security alerts, which may involve acceptance, transfer, reduction or elimination. Assists with development of agreed countermeasures and contingency plans. ◦ Monitors status of information security alerts, and reports status and need for action to senior management. ◦ Reviews security alerts, network usage logs, and other sources of incident information, to identify unacceptable usage, and breaches of privileges or corporate policy. Recommends appropriate action. ◦ Communicates information assurance issues effectively to users and operators of systems and networks. ◦ Determines when security issues should be escalated to a higher level. ◦ Provides information and advice, such as reporting on achievement of risk management metric targets. ◦ Analyzes incidents and problems to show trends and potential problem areas, so that actions can be taken to minimize the occurrence of incidents and to improve the process of problem reporting, analysis and clearance. Assesses and reports the probable causes of incidents and consequences of existing problems and known defects. ◦ Develops and maintains knowledge of the technical specialism by, for example, reading relevant literature, attending conferences and seminars, meeting and maintaining contact with others involved in the technical specialism and through taking an active part in appropriate learned, professional and trade bodies. ◦ Maintains an awareness of current developments in the technical specialism. ◦ Identifies opportunities to apply the technical specialism within employing organization and closely associated organizations, such as customers, suppliers and partners, and advises those responsible. ◦ Carries out specific assignments related to the technical specialism, either alone or as part of a team. ◦ Maintains knowledge of the technical specialism at a detailed level, and is responsible for own personal growth and technical proficiency.
Candidate Education: Minimum: Bachelor's Degree, Computer Science, Information Systems, or related field.
Professional Certifications: Preferred: Technical certifications such as CISSP, SANS GSEC, CEH, CompTIA Security are desired.
Candidate Background: Skills, Knowledge & Ability: Minimum requirements: Relevant experience in Information Technology. Experience or training in information security specialism desired.
Intermediate understanding of malware types and methodologies, intrusion detection, advanced malware detection. Understands and uses appropriate methods and tools and applications. Demonstrates analytical and systematic approach to problem solving. Demonstrates effective communication skills with peers. Contributes fully to the work of teams. Can plan, schedule and monitor own work. Is able to absorb and apply new technical information. Is able to work to required standards and to understand and use the appropriate methods, tools and applications. Show aptitude for learning about other areas of information technology and how they relate to risk management. Has a basic business knowledge and an understanding of current and emerging information and communications technologies and their level of maturity. Is able to obtain information from business people in face to face situations, and to analyze information on users occupational tasks obtained by a variety of formal and informal means. Can solve common problems in area of expertise, and knows how to get answers outside of that area. Is familiar with the principles and practices involved in development and maintenance and in service delivery. Has good technical understanding and the aptitude to remain up to date with IS security and developments. Possesses a general understanding of the business applications of IT. Is proficient in both written and oral communication. Demonstrates basic knowledge of information security principles. Has experience or training as an administrator of IT systems, databases, or processes.
Additional Role Requirements: Information Security Domain Basic understanding of at least 5 out of the following 10 security domains: Access Control Systems and Methodology Telecommunications and Network Security Business Continuity Planning and Disaster Recovery Planning Security Management Practices Security Architecture and Models Law, Investigation, and Ethics Application and Systems Development Security Cryptography Computer Operations Security Physical Security One or more of the following industry certifications desired: CISSP, GSEC, CISA, GCIH, GCFA, GCFW, GCWN or other related certification
Xerox is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. People with disabilities who need a reasonable accommodation to apply or compete for employment with Xerox in the U.S. may request such accommodation(s) by sending an e-mail to firstname.lastname@example.org
Job: IM Security
Organization: Information Security Ops
Title: Analyst I, IM Security, Triage Analyst
Requisition ID: 16026200
Virtual/work from home? No