Sr. Security Analyst - Penetration Tester

Columbus, OH, United States

Job ID: 44731

OVERVIEW:
Member of the team that executes the L Brands Information Security Program operating processes and delivers/supports the technology necessary to protect the confidentiality, integrity, availability and legal/regulatory compliance of L Brands' information and technology assets. This position has global enterprise-wide responsibilities for Security Consulting services regardless of brand or function.

Coordinate and execute information security testing and validation, and ensure security defects are documented and tracked for all releases, major technology & process changes, and project initiatives. SCOPE: Stores, Direct, Mobile, Infrastructure; people, process and technology (HW/SW) for both internal and external/cloud solutions. Maintain assessment program metrics and deliver reports based on agreed-upon criteria and cadence.

RESPONSIBILITIES:

Information Security Risk Assessment
-Deliver technical requirements supporting ISO Administrative Security driven regulatory risk assessments (e.g. HIPAA, PCI Enterprise RA).
-Deliver technical requirements on ad hoc risk assessments driven by internal ISO priorities or external factors (e.g. industry, technology changes, org change, and innovation).

Information Security Testing and Validation
For all releases, major technology & process changes, project initiatives:

-Provide consultation to ISO Security Intelligence team on security testing methodology, procedures and tools.
-Maintain awareness of security threats associated with the project.
-Work with appropriate resources from the Information Security and project teams to plan scope and timing of security testing (Vulnerability Assessment, Penetration Testing).
-Follow change management policies for security testing.
-Execute penetration testing in accordance with plans.
-Analyze penetration testing results to validate, classify and risk rank findings.
-Prepare and deliver penetration test report with findings and recommendations to project teams.
-Support remediation activities.
-Execute security control validation.

Incident Response
-Engage as needed and based on technical expertise to support security incidents and breaches. All-hands-on-deck situations.

QUALIFICATIONS:
-7-10 years of experience in information security and risk management.
-Strong verbal and written communication skills.
-Ability to communicate technical issues to non-technical audiences at multiple organization levels
-Experience multi-tasking and prioritizing deliverables and managing expectations across multiple simultaneous projects.
-Experience leading and managing work unsupervised
-Experience working on enterprise level cross functional projects and working under project deadlines.
-Experience identifying and integrating information security requirements into project deliverables.
-Ability to weigh in on and influence risk assessment discussions/decisions
-Strong collaboration and innovation skills.
-Understanding of networking applications, multiple platforms and databases.
-Experience exploiting and leveraging vulnerabilities to test systems, platforms, applications, databases, devices.
-Experience with NIST Cybersecurity Framework, OWASP, CIS Critical Security Controls, PCI DSS and Sarbanes-Oxley.
-Broad and deep understanding of information security controls, how controls are used to detect and respond to events & incidents, how controls impact the business and how control gaps can be mitigated/remediated.
-Understanding of (US) national regulatory requirements and how they apply to technology implementations
-Always on call
-Ability to assess/evaluate/prioritize risk on small to medium sized projects

EDUCATION:
-Bachelor's Degree in Information Technology/Information Security or equivalent experience in technology
-Security Certifications preferred such as CISSP, CRISC, OSCP, or relevant SANS/GIAC certification (e.g. GPEN, GWAPT, GWEB, GMOB).

L Brands, through its high-emotion brands Victoria's Secret, Bath and Body Works, Pink, La Senza and Henri Bendel, is an international specialty retailer delivering lingerie, personal care and beauty products, apparel and accessories to customers worldwide. Our brands are available in more than 2,600 retail stores in the United States, more than 680 international locations, and through our award-winning internet and catalogue channels. L Brands, which recorded sales of $10.5 billion in 2012 and employs more than 90,000 associates, was Fortune's 2011 World's Most Admired specialty retailer.
