At Avast, we strive to give everyone the power to explore our shared digital world freely and safely. Our team is working to help shape the digital world to be a freer, fairer and safer place through the application of science, technology and human ingenuity, and we are looking for people who share our passion to contribute to a better online world. Avast promotes a rich diversity of cultures, debates, and out-of-the-box thinking. Today, Avast is a FTSE 100 company that safeguards more than 435 million people worldwide, protecting their digital data, identity, and privacy.
Job Posting Title:
Senior Information Security Analyst
Job Description:
The Senior Information Security Analyst is a critical role within the CISO office and is responsible for assessing security and privacy risks in deployed and in the design phase and deployed workloads. The analyst will be a consultative and occasionally hands-on professional in multiple security disciplines (hardening, vulnerability management, audit support, policy development/measurement/enforcement, training, risk assessment, etc). These activities will help us with the development of formal, repeatable programs aimed at delivering repeatability, tracking, and increased overall security maturity.
Our security professional will be working together with several teams across our company and serve as a technical diplomat helping to facilitate the delivery of workloads in a secure manner (as opposed to playing the role of a traffic cop telling groups “no, you can’t do that”). Our Security Analyst will use a variety of tools to assess and measure the current security state, report on findings and recommend corrective actions or compensating controls where appropriate.
Program management, project management, and progress reporting are central to the work. Optimal candidates will be good communicators (both verbally and when writing) and collaborative partners with high empathy for the work being conducted by other teams and the associated deadlines.
Required Skills
- 7-10 years IT security or information security experience with a proven ability to engage with internal and external partners and leadership in a productive and additive manner.
- 4+ years experience conducting IT security or compliance assessments (SOC 2, PCI, etc.)
- 4+ years experience in administering IT security controls in an organization.
- Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
- Certified Information Systems Security Professional (CISSP), or related certification or demonstrated experience showing similar proficiencies across multiple security domains.
- Demonstrated ability to drive sophisticated technical projects and assessments to successful conclusion.
- Experience managing and coordinating environments which include Windows, Linux, Mac, VM, cloud, and network devices.
- Attention to detail, knowledge of security frameworks such as NIST 800-53 and ISO 27001, and the ability to turn ambiguity into meaningful, effective, and timely results.
Preferred skills, competencies, and credentials
- Knowledge of attacker TTP, actor groups, malware (including remediation), and other security risks as well as the ability to articulate the value of the MITRE ATT&CK model to someone in a non-security focused role.
- Bachelor’s or Master’s Degree in Information Systems, Computer Science, Information Security or similar field.
- One or more security or technical certifications demonstrating expert knowledge in domains relevant to the work.
- Prior experience performing security reviews, and risk assessments preferred.
- The ability to read, understand and then explain three or more of the following: threat reports, RFPs, audit findings, event logs, packet traces, standards documents.
- 2+ years working in a fully remote capacity and/or with teams on other continents.
We Offer:
- An amazing and truly international work environment
- The chance to join a major global tech company
- Many opportunities for professional growth
- Quarterly bonus scheme
- Attractive pension & health insurance plan
- Unlimited Personal Time Off - because each of us needs enough time to relax
- Whole-life flexibility - we empower our people to choose where, when, and how they work (alternatively we can also add: and measure their contribution based on the achievements and outcomes rather than hours they work.
Sounds exciting? We look forward to hearing from you.
Avast does not accept unsolicited resumes from recruiters or recruiting agencies in response to job postings. No fee will be paid to third parties who submit unsolicited candidates directly to our hiring managers or HR team, even in a situation when the relevant candidate is employed by Avast.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Deadline for applications: 27.10.2021.