Security Operations Analyst, Senior

Senior Information Security Analyst – SOC

Newfold Digital is a leading web technology company serving millions of customers globally. Our customers know us through our robust portfolio of brands. We have some of the industry's most prominent and storied go-to-market brands, including Bluehost, HostGator, Domain.com, Network Solutions, Register.com and Web.com. We help customers of all sizes build a digital presence that delivers results. With our extensive product offerings and personalized support, we take pride in collaborating with our customers to serve their online presence needs. The strength of our company lives in the intersection of our people, our customers, and our brands.

What you’ll do & how you’ll make your mark

The Security Analyst is responsible for ensuring the security and integrity of the organization's information systems and data. This role involves identifying and mitigating security risks, reviewing project security requirements, and maintaining compliance with security standards. The Security Analyst will also focus on detection engineering by designing systems to detect malicious activities and implementing automation technologies to streamline security operations, including vulnerability management and incident response.

General Duties and Responsibilities

Information Security Analyst duties and responsibilities include:

• Identify and ensure mitigation of information security risks within the organization.
• standards, procedures, and practices across various types of projects.
• Review requests for adherence to security policies, assuring requests are executed correctly.
• Identify security incidents and respond to ensure threats and risks are contained.
• Maintain integrity of security controls, toolsets, and other security-relevant services.
• Develop and analyze security reports, and build presentations as required.  Facilitate status reports and other relevant information to compliance staff and department leadership.
• Monitor and audit systems for security violations, vulnerabilities, and abnormalities.
• Develop, implement, and maintain alignment with security control frameworks.  Make updates to security policies, standards, procedures, practices, and operating procedures, as required.
• Assist with incident handling and other incident response activities, as required. 
• Complete and monitor the status of corrective action plans, resolve audit findings and security issues, ensuring problems are resolved in an effective and timely manner.
• Implement and evaluate the effectiveness of data loss prevention (DLP) policies and detections.
• Design, build, and fine-tune systems and processes to detect malicious activities or unauthorized behaviors.
• Implement tools, processes, and procedures to identify unusual or suspicious behavior that may indicate a breach.
• Create actionable alerts based on detected threats to prompt immediate response from concerned teams.
• Implement automation technologies to streamline security operations such as vulnerability management, threat detection, and incident response.
• Use automation to reduce incident response time by enabling swift threat remediation through predefined actions.

Who you are & what you’ll need to succeed

General Knowledge, Skills, and Abilities

As well as formal qualifications, an Information Security Analyst should possess:

• A working level understanding of controls (e.g., access control, auditing, authentication, encryption, and system integrity).
• Versed in operating systems such as Linux (various distributions) and Microsoft Windows.
• Experience with Microsoft Active Directory, encryption and algorithms, authorization and authentication mechanisms/software, network monitoring, TCP/IP networks, DNS, next generation firewalls, and intrusion detection/prevention systems.
• General knowledge of network design and common network protocols, and infrastructure systems.
• Ability to create scripts to automate processes in PowerShell, Python or Bash is a plus.
• Ability to recognize and analyze malware.
• Ability to analyze large data sets and identify patterns and anomalies.
• Ability to quickly create and deploy countermeasures or mitigations under pressure.
• Build effective relationships.  Develop and use collaborative relationships to facilitate the accomplishment of work goals.
• Experience with the PCI-DSS, ISO-27001, and/or SOC II compliance frameworks is a plus.
• Experience implementing and measuring security controls aligned with NIST 800-53 and the Center for Internet Security (CIS) is a plus.
• Project Management skills is a plus.
• Experience with the following technologies is a plus:  SentinelOne Singularity Platform, Tanium, Google Chronicle SIEM, Cloudflare L3-L7 security technologies, Tenable.io, Lacework, Recorded Future, KnowBe4, ServiceNow, Jira, Microsoft Defender for Endpoints, Microsoft Security and Compliance, Microsoft Azure Key Vault.
• Experience with the native security service solutions for public cloud service providers (AWS, Google, Azure, Oracle) is a plus.

Educational and Certification Requirements

A degree in Cybersecurity, Information Technology, Computer Science, or related field is desirable.

Industry recognized certifications are a plus.  Certifications may include:  CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), CompTIA Security+, certifications issued by the SANS Institute, etc.

Certifications issued by public cloud providers (AWS, Azure, Google, Oracle, etc.) is a plus.

• We’ve evolved: We provide three work environment scenarios. You can feel like a Newfolder in a work-from-home, hybrid, or work-from-the-office environment.
• Work-life balance: Our work is thrilling and meaningful, but we know balance is key to living well.
• We celebrate one another’s differences: We’re proud of our culture of diversity and inclusion. We foster a culture of belonging. Our company and customers benefit when employees bring their authentic selves to work. We have programs that bring us together on important issues and provide learning and development opportunities for all employees. We have 20+ affinity groups where you cannetwork and connect with Newfolders globally.
• We care about you : At Newfold, taking care of our employees is our top priority. We make sure that cutting edge benefits are in place for you. Some of the benefits you will have: We have partnered with some of the best insurance providers to provide you excellent Health Insurance options, Education/ Certification Sponsorships to give you a chance to further your knowledge, Flexi-leaves to take personal time off and much more. Building a community one domain at a time, one employee at a time. All our employees are eligible for a free domain and WordPress blog as we sponsor the domain registration costs.
• Where can we take you? We’re fans of helping our employees learn different aspects of the business, be challenged with new tasks, be mentored, and grow their careers. Unfold new possibilities with #teamnewfold!

This Job Description includes the essential job functions required to perform the job described above, as well as additional duties and responsibilities. This Job Description is not an exhaustive list of all functions that the employee performing this job may be required to perform. The Company reserves the right to revise the Job Description at any time, and to require the employee to perform functions in addition to those listed above.