IT Security Analyst

iFIT’s vision is to create the world's most holistic health and fitness platform, integrating all elements of health - physical fitness, mental health, nutrition and active recovery - into a seamless interactive experience. We develop proprietary software that learns and adjusts to the habits of each person as it delivers immersive content that guides them on their individual fitness journey.

We are seeking an experienced IT Security Analyst to assist with ensuring the confidentiality, integrity, and availability of iFIT’s internal and external systems.  In addition, this position reviews and generates security-related management reports and information.  The IT Security Analyst will also serve as a liaison with and provide service level oversight to security vendors and participate in all phases of vulnerability management, incident management, disaster recovery testing, security reviews and security measurements.

ROLE COMMITMENTS

• Participate in the planning and design of enterprise security architecture, under the direction of the Senior IT Security Manager
• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures)
• Participate in the planning and design of an enterprise business impact analysis, business continuity plan, and disaster recovery plan
• Implement and support an on-prem and cloud vulnerability management strategy
• Implement and maintain IAM processes, policies and tools.
• Support good security hygiene activities company-wide.

JOB RESPONSIBILITIES

• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors
• Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security
• Support the creation of an on-prem and cloud vulnerability management strategy, lead a proof of concept and selection for tools such Wiz and Tenable
• Support the Identity Governance Administration (IGA) strategy in the implementation of Identity and Access Management (IAM) with Okta, contribute to the Role Based Access Control (RBAC) Matrix
• Lead the annual PCI audit documentation and complete the SAQs
• Conduct quarterly access reviews for all applications in-scope for financial audits and PCI compliance
• Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically
• Support audit and compliance efforts including evidence collection
• Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices)
  • Manage/Maintain Windows, Mac and Linux systems golden images
  • Manage/Maintain AWS AMI golden images used by iFIT
• Maintain operational configurations of all in-place security solutions as per the established baselines
• Monitor all in-place security solutions for efficient and appropriate operations
• Review logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices). Interpret the implications of that activity and devise plans for appropriate resolution
• Participate in investigations into problematic activity
• Participate in the design and execution of vulnerability assessments, penetration tests, and security audits
• Manage XDR Solution daily
• Manage Phishing Alerts daily (Triage, delete true positives from inboxes, etc.)
• Manage Security Tickets daily
• Manage Security Tools (as needed, as assigned)
• Perform Security Assessments as needed for solutions
• other duties as assigned

EDUCATION, and/or EXPERIENCE 

• Experience in the concepts, terms, processes, policy and implementation of information security
• Must have the ability to analyze and solve complex problems involving a wide variety of information systems
• Bachelor's degree or 6 years of IT experience with a minimum of 3 years of experience in security
• Ability to work with minimal supervision
• Ability to adapt to change
• One or more of the following certifications:
  • CompTIA Security+
  • GIAC Information Security Fundamentals
  • Microsoft Certified Systems Administrator: Security
  • CISSP, SSCP, or CCSP (ISC) 

Technical Qualifications:

• Extensive experience with Palo Alto Cortex, Global Protect, Splunk, Okta, Intune, Jamf, Tenable, and Wiz
• A working and fundamental knowledge of TCP/IP and other network administration protocols
• Must be proficient with Microsoft Windows server/desktop, linux, macOS and be platform-agnostic
• Experience running a security awareness program
• Working experience with Tenable Nessus, and other network tools is a plus
• Experience with a next generation endpoint detection and response system
• Experience with PCI compliance