Diagnostica Stago, Inc., (DSI) is an industry leader in the science of hemostasis and thrombosis. Stago provides the total commitment of global resources and responsiveness, coupled with cutting edge technology and reliability. DSI is dedicated to continually developing and providing the very best hemostasis products, technical support, and services.
Under direct supervision of the SNA Information Technology Director, this position supports the department goals of protecting the organization's information assets. As part of the Corporate Information Security Team led by the Corporate CISO you will monitor the organization’s networks for security breaches and investigate violations when one occurs. Prepare reports that document security breaches and the extent of the damage caused by the breach. Research the latest information technology (IT) security trends and assist with the develop of security standards and best practices for the organization. Assist with the response to customer security questionnaires for the organization and medical instruments. Recommend security enhancements to management or senior IT.
Essential Duties & Responsibilities:
Pro actively threat hunt by performing analysis of events in the current SIEM and other SOC tools looking for malicious activity and other security related events that were not identified by the automated processes.
Respond to customer security questionnaires and inquires around the firm's security program and medical instruments.
Regularly review logs and reports of all critical information systems. Identify potential security incidents and provide expert analysis on any events of interest.
Respond to security incidents, including providing post-event analyses and developing procedures for responding to future incidents.
Conduct regular audits to ensure that systems are being protected and that data is secured. Identify potential weaknesses and implement measures to prevent security breaches.
Provide daily operational support to end users with Information Security concerns/questions.
Assist in the development of security policies, standards, and procedures. Ensure these policies are implemented and followed throughout the organization.
Ensure the safety of information systems assets and protect systems from unauthorized access by performing system access reviews (for internal applications and Cloud services) and documenting any findings.
Monitor and respond to security system alerts and notifications.
Investigate/escalate security incidents.
Perform information security risk assessments on products, processes, vendors, and systems with consideration of good security best practices and the company's overall risk appetite.
Document and manage security exceptions, violations, incidents and other risk concerns to closure.
Develop content and action tuning requests to improve alert fidelity and reduce false positives.
Assist in security awareness training for the organization.
Maintain Loopio database for security questionnaires.
Analyzing current IT systems, architectures, and processes. Identifying risks, opportunities, faults, and areas for development.
Education & Requirements
Associate or bachelor’s degree required in Computer Science, Information Technology or related field. Must have a minimum 2 years of experience working in an IT security role. Security related certifications, CISSP desired.
Strong understanding of security principles such as attack frameworks, threat landscapes, attacker, etc.
Proven experience as a Security Analyst or similar role.
Knowledge of various security methodologies and processes, and technical security solutions (firewall and intrusion detection systems).
Knowledge of TCP/IP Protocols, network analysis, and network/security applications.
Familiarity with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing.
Past experience working in a SOC environment.
Previous experience in Network monitoring platforms.
Knowledge of industry best practices and experience with both hardware and software systems.
In-depth knowledge of Windows operating systems, other OS’s such as Linux is a plus.
Must have knowledge of MS Office tools, Visio, Teams.
CISSP, ISACA, CompTIA Security, Microsoft security a plus.
Experience in ISO certification environment is a plus.
Excellent analytical and problem-solving skills.
Strong interpersonal skills with the ability to influence others in a positive and effective manner.
Ability to work in a team environment.
Ability to work under pressure in a fast-paced environment.
Up to 10% travel may be required.
Ability to speak French is a plus.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
