DescriptionPosition Summary:The Security Analyst s main responsibility is to maintain a secure environment for the Company s network and systems. The Security Analyst is responsible for defining and promoting security policies, and ensuring associates follow these security standards. They oversee the set up of a user s security access, and monitor the associate s use of data systems to safeguard company information. They provide security reviews for new systems and define security models for new systems. Security Analysts are responsible to maintain network, server and workstation firewall protection and provide network and application scanning, security logging, and intrusion detection capabilities. Security Analysts are also responsible to audit access to mission critical applications and to maintain compliance documentation for SoX and PCI. They also administrate network security access to all associates, and respond to any security requests or incidents in a timely manner.Major Responsibilities:Analytics:- Involved in recommending security products and analyzing their performance- Responsible to analyze and review annual SOX and other compliance reports- Analyze data to identify exceptions, last usage, and necessity of access for computer applications and systems- Modify computer security files to incorporate new software, correct errors, or change individual access status.Technology:- Encrypt data transmissions and configure/maintain firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers- Involved in designing and maintaining intrusion detection processes and infrastructure.- Testing and documentation of computer security and emergency measures policies, and procedures- Involved in ongoing systems security monitoring Project Management:- Lead project scope development and options analysis.- Identify and recommend solution to meet security needs, and implement chosen solution.- Manage projects from identification of need to implementation and ongoing monitoring of system/solution performance.- Manage eDiscovery projects- Other projects as assigned by the managerCustomer Experience:- Work closely with company leadership to respond to IT Security Events- Work closely with customer s leadership to define system security and access requirements.- Work closely with customer s leadership to help recommend, define and document security policy- Manage the security projects and/or solution implementations to client group expectations.- Work closely with HR and Legal Teams to preserve chain of custody and confidentiality of data.- Work closely with company leadership to asses risk and vulnerabilities with new technology or software Learn more about Corporate careers at Penske Truck Leasinghere... Bachelor s degree or equivalent experience required, advanced degrees or certifications preferred- 3 - 5 years of functional experience- 1 - 2 years of project management (including mid-to-large scale projects, and managing multiple projects at one time)- Technical and non-technical communication skills (both written and oral)- Strong analytical skills- At least 3 - 5 years of experience and full fluency or expert knowledge in the following systems/languages: -Firewall software/hardware (e.g. ASA) Expert Level -Proxy Filtering (e.g. Blue Coat Proxy) Expert Level -Centralized Log configuration and analysis(e.g. Splunk) Expert Level -IDS/IPS configuration and analysis(SNORT) Expert Level -SSO Infrastructure (e.g. CA SiteMinder, LDAP and Aveksa/Via) -Network Vulnerability Scanning (e.g. Nessus) Expert Level -Advanced User Authentication Structures (e.g. Cisco ACS and RSA ACE servers) Expert Level -OS Hardening and Security: IBM iSeries, Linux, Windows Expert Level -Application vulnerability scanning(Parasoft) -Networking TCP/IP and packet capture applications such as tcpdump and WireShark Expert Level -Antivirus and host firewall solutions (e.g. Mcafee and PowerTech Network Security) Expert Level -Encryption Technology -SOX, PCI, COBIT Requirements and Auditing -Microsoft office applications- Regular, predictable, full attendance is an essential function of the job- Willingness to travel as necessary, work the required schedule, work at the specific location required, complete Penske employment application, submit to a background investigation (to include past employment, education, and criminal history) and drug screening are required.Physical Requirements:-The physical and mental demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.-The associate will be required to: read; communicate verbally and/or in written form; remember and analyze certain information; and remember and understand certain instructions or guidelines.-While performing the duties of this job, the associate may be required to stand, walk, and sit. The associate is frequently required to use hands to touch, handle, and feel, and to reach with hands and arms. The associate must be able to occasionally lift and/or move up to 25lbs/12kg.-Specific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception and the ability to adjust focus.Penske is an Equal Opportunity Employer.About Penske Truck LeasingPenske Truck Leasing Co., L.P., headquartered in Reading, Pennsylvania, is a partnership of Penske Corporation, Penske Automotive Group, and Mitsui & Co., Ltd. A leading global transportation services provider, Penske operates more than 260,000 vehicles, employs more than 29,000 people, and serves customers from more than 1,000 locations in North America, South America, Europe, Australia, and Asia. Product lines include full-service truck leasing, contract maintenance, commercial and consumer truck rentals, used truck sales, transportation and warehousing management and supply chain management solutions. Visit to learn more.
Associated topics: attack, forensic, iam, idm, information assurance, information security, leak, malicious, threat, vulnerability