Security Analyst

Why Verifone

For more than 30 years Verifone has established a remarkable record of leadership in the electronic payment technology industry. Verifone has one of the leading electronic payment solutions brands and is one of the largest providers of electronic payment systems worldwide.

Verifone has a diverse, dynamic and fast paced work environment in which employees are focused on results and have opportunities to excel. We take pride in the fact that we work with leading retailers, merchants, banks, and third party partners to invent and deliver innovative payments solution around the world. We strive for excellence in our products and services, and are obsessed with customer happiness. Across the globe, Verifone employees are leading the payments industry through experience, innovation, and an ambitious spirit. Whether it’s developing the next platform of secure payment systems or searching for new ways to bring electronic payments to new markets, the team at Verifone is dedicated to the success of our customers, partners and investors. It is this passion for innovation that drives each one of our employees for personal and professional success.

Job Summary:

The Security Analyst will be responsible for monitoring our security infrastructure, identifying and responding to security threats, managing vulnerabilities, and contributing to the continuous improvement of our overall security posture. This role is crucial in safeguarding our organization's systems, data, and reputation against an ever-evolving landscape of cyber threats.
 

Key Responsibilities:

Security Monitoring & Alerting:
Monitor security alerts and events from various sources, including SIEM, IDS/IPS, EDR, firewalls, and other security tools.
Triage and investigate alerts to determine their severity, scope, and potential impact.

Incident Detection & Response:
Act as a first responder for security incidents, following established incident response plans.
Conduct initial analysis, containment, eradication, and recovery activities.
Document incident details, actions taken, and lessons learned.
Escalate complex incidents to senior analysts or incident response teams as appropriate.

Vulnerability Management:
Perform regular vulnerability scans and assessments of our IT infrastructure, applications, and networks.
Analyse scan results, priorities vulnerabilities, and track remediation efforts with relevant teams.
Assist in the development and implementation of patching and remediation strategies.

Security Tool Administration & Maintenance:
Assist in the configuration, maintenance, and optimization of security tools and technologies.
Ensure security tools are functioning correctly and generating accurate data.

Log Analysis & Threat Hunting:
Collect, analyze, and correlate log data from various systems to identify suspicious activity or potential threats.
Proactively hunt for threats and indicators of compromise (IOCs) within the environment.

Threat Intelligence:
Stay informed about the latest cybersecurity threats, vulnerabilities, attack vectors, and mitigation techniques.
Gather and analyze threat intelligence from various sources to enhance detection capabilities.

Reporting & Documentation:
Prepare regular reports on security incidents, vulnerability status, and overall security posture.
Maintain accurate and detailed documentation of security procedures, configurations, and incident response activities.

Collaboration & Support:
Collaborate with IT teams, developers, and other business units to implement security best practices and address security concerns.
Provide security-related support and guidance to end-users and internal teams.
Assist with internal and external security audits and compliance activities (e.g., GDPR, ISO 27001).

Skills and experience we desire:

• Bachelor’s degree in computer science or related field
• 2+ years of hands-on experience with the design, implementation, and operation of enterprise vulnerability management.
• 2+ years’ experience supporting diverse IT systems, processes, or capabilities in large organizations
• 2+ years of solid understanding of industry best practices for hands on, security vulnerability remediation.
• 2+ years with SCCM, WSUS (or other, similar tools) running in an enterprise environment.
• 2+ years in scripting of packaged installation of patches, software, and configuration changes, including the knowledge and ability to write PowerShell scripts needed to automate patch management processes.
• Extensive experience with core vulnerability management scanners (e.g. Qualys, Tenable etc.).
• Strong knowledge of OWASP Top 10 and the ability to articulate application security risks and determine threat level.
• Technical understanding of a range of enterprise IT and cloud-based architectures and technologies such as networking, server infrastructure, operating systems, web applications, databases, containerization, mobile.
• Preferred certifications: Net+, Security+, OSCP, CEH, CISSP, GIAC (GSEC, GEVA, GPEN etc.)

Our commitment

Verifone is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Verifone is also committed to compliance with all fair employment practices regarding citizenship and immigration status.