Security Analyst

POSITION DESCRIPTION

Exclusive Resorts is seeking a Security Analyst to join our Engineering Team. In this role, you will play a vital part in safeguarding the organization's data and systems by protecting endpoints, identifying and mitigating potential vulnerabilities, actively monitoring network activity, and responding to security incidents. Additionally, you will contribute to compliance and regulatory initiatives, ensuring adherence to industry standards and best practices. Your efforts will be pivotal in protecting Exclusive Resorts from evolving cyber threats and maintaining the integrity of our technology environment.

ROLES AND RESPONSIBILITIES

Threat Monitoring and Detection

Monitor systems and logs to detect unusual activity or potential security threats.
Conduct real-time analysis of security alerts and take appropriate actions to mitigate risks.
Incident Response and Management

Investigate and respond to security incidents, including malware infections, data breaches, and unauthorized access attempts.
Document and escalate incidents as necessary and participate in post-incident reviews.
Vulnerability Management

Perform regular vulnerability scans and penetration testing to identify weaknesses.
Work with the Engineering teams to prioritize and remediate vulnerabilities.
Policy and Compliance

Ensure compliance with relevant security frameworks (PCI DSS, GDPR, and NIST CSF).
Develop, update, and enforce security policies and procedures.
Risk Assessments

Conduct security risk assessments for new systems, software, and third-party vendors.
Recommend security enhancements to reduce identified risks.
Security Awareness Training

Assist in educating employees about cybersecurity best practices, including phishing prevention and data protection.
Collaboration and Reporting

Work closely with Engineering, DevOps, and other teams to implement security solutions.
Create detailed reports and dashboards for leadership on security incidents, trends, and overall system health.
EDUCATION, SKILLS, AND EXPERIENCE

Education and Experience

Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
3-5 years of experience in cybersecurity, IT security, or a related role.
Technical Skills

Strong understanding of security technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), NGAV/EDR/MDR platforms, email security systems, and SIEM tools.
Comprehensive knowledge of PCI DSS and Personally Identifiable Information (PII).
Knowledge of Identity Access Management (IAM) platforms like Microsoft Entra ID and Okta's Auth0.
Familiarity with network protocols, operating systems (Windows, Linux), cloud environments (AWS, Azure, GCP), and Kubernetes.
Proficiency with scripting languages (e.g., Python, PowerShell) and security tools like Wireshark, Metasploit, or Nessus.
Knowledge of encryption methods, authentication protocols, and access controls.
Familiarity with web application security tools.
Certifications (Preferred)

CompTIA Security+, CISSP, CISM, CEH, or equivalent certifications.
Soft Skills

Strong analytical and problem-solving abilities.
Excellent communication skills, both written and verbal.
Experience writing security policies and procedures.
Ability to handle multiple tasks and prioritize effectively under pressure.
Additional Information

Ability to participate in a 24/7 on call rotation.
This job description is an overview of the scope of responsibilities and is not intended to be an inclusive list of job tasks and expectations. With the evolution of this company and position, the responsibilities of this role may change.