IT Security Analyst
The security analyst plays a vital role in keeping an organization’s proprietary and sensitive information secure. He/she works inter-departmentally to identify and correct flaws in the company’s security systems, solutions, and programs while recommending specific measures that can improve the company’s overall security posture.
This job family reports to the Director, IT Operations.
Responsibilities
- Generate reports for IT administrators and business managers to evaluate the efficacy of the security policies in place.
- Monitoring security access
- Performing both internal and external security audits
- Continuously updating the company’s incident response and disaster recovery plans
Requirements
- BA/BS in a business related field and/or equivalent years of education and experience working in a related field
- 3-5 years experience in Information Technology or Information Security experience.
- Certified Information Systems Security Professional (CISSP) preferred
- Knowledge of policies and procedures related to GDPR, CCPA, and PCI
- Excellent interpersonal, verbal, and written communication skills with the ability to communicate compliance related concepts to a broad range of technical and non-technical staff
- Successful experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues, and clients
- Demonstrated success working with internal audit, external auditors, outside consultants, and legal affairs
- Demonstrated experience leading large-scale projects
- Ability to use GitLab
Levels
IT Security Analyst (Intermediate)
IT Security Analyst (Intermediate) Job Grade
The IT Security Analyst is a grade 6.
IT Security Analyst (Intermediate) Responsibilities
The IT Security Analysts share the same responsibilities outlined above.
IT Security Analyst (Intermediate) Requirements
The IT Security Analyst position has all the same requirements as the ones outlined above plus the following:
Senior IT Security Analyst
Senior IT Security Analyst Job Grade
The IT Security Analyst is a grade 7.
Senior IT Security Analyst Responsibilities
The Senior IT Security Analyst has all the same responsibilities as the intermediate position plus the following:
- Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
- Work with the security team to perform tests and uncover network vulnerabilities.
- Address questions from internal and external audits and examinations.
- Fix detected vulnerabilities to maintain a high-security standard.
- Stay current on IT security trends and news.
- Develop company-wide best practices for IT security.
- Help colleagues install security software and understand information security management.
- Research security enhancements and make recommendations to management.
- Serve as project manager/lead within IT security projects.
- Promote awareness of applicable regulatory standards, upstream risks, and industry best practices.
Senior IT Security Analyst Requirements
The Senior IT Security Analyst has all the same requirements as the ones outlined above plus the following:
- 5-7 years experience in Information Technology or Information Security experience.
- 4+ years experience conducting IT compliance assessments (Sarbanes-Oxley, PCI, etc.).
- 4+ years experience in administering IT security controls in an organization.
- Experience with IPS/IDS and SIEM technologies.
- Certified Information Systems Security Professional (CISSP), or related certification.
- Experience in information security or related field.
- Experience with computer network penetration testing and techniques.
- Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.
- Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
- Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact.
Performance Indicators
- Evaluate compliance of IT tools or processes
- Evaluate changes to IT tools and processes based on risk
- Provide more detailed and more practical guidance to the organization with the goal of improving compliance related processes and/or procedures.
Career Ladder
The next step in the IT Security Analyst job family is to move to the a role not currently defined at GitLab.
Hiring Process
Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.
- Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters
- Next, candidates will be invited to schedule a first interview with our Manager, IT
- Candidates will then be invited to schedule a second and third interview with 2-4 members of the IT Operations team in a panel interview
- Candidates will be then be invited to schedule a call with our Integrations Engineer
- Finally, candidates will interview with our VP, IT
Additional details about our process can be found on our hiring page.
About GitLab
GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations on our product and staying aligned with our values. Learn more about Life at GitLab. Thanks to products like Duo Enterprise, and Duo Workflow, customers get the benefit of AI at every stage of the SDLC. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier. All team members are encouraged and expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact across our global organisation.See our culture page for more!
Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.
2887653c
)