Address
Form of workWho we are.
Newfold Digital is a leading web technology company serving millions of customers globally. Our customers know us through our robust portfolio of brands. We have some of the industry's most prominent and storied go-to-market brands, including Bluehost, HostGator, Domain.com, Markmonitor, Network Solutions, Register.com and Web.com. We help customers of all sizes build a digital presence that delivers results. With our extensive product offerings and personalized support, we take pride in collaborating with our customers to serve their online presence needs. The strength of our company lives in the intersection of our people, our customers, and our brands.
The Information Security Analyst is responsible for the day-to-day monitoring of systems and networks for security issues, installing security software, documenting security issues or breaches and performing security testing for company systems. The Information Security Analyst may perform risk assessments, support business continuity, review system configuration and compliance with security requirements, perform incident logging and reporting, security operations, and end user security administration and system access.
What you’ll do & how you’ll make your mark.
- Identifies and ensures mitigation of Information Security risks within the organization
- Evaluates projects to ensure proper security requirements and actively with corporate-wide Information Security project planning and documentation of divisional and corporate projects
- Assists with internal and external IT audits. Support processes for identification, collection and review of relevant data and assist with defining control recommendations that are both efficient and effective.
- Reviews requests for adherence to security policies, assuring requests are executed correctly
- Identifies security incidents and responds to ensure risk is contained
- Maintains integrity of security controls based on toolsets as well as support their updates and use
- Develops and analyzes security reports and reports security incidents to compliance staff and department leadership
- Monitors audit system to find security violations, vulnerabilities, and abnormalities
- Develops and maintains security control framework, which includes security policies, standards, practices, and guidelines
- Assists incident handling for the Cyber Incident Response Team (CIRT). Completes corrective action plans, resolves audit findings and security issues, ensuring problems are resolved in an effective and timely manner.
Who you are & what you’ll need to succeed.
- Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security)
- Must be well versed in operating systems such as Linux as well as Windows environments, Active Directory, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks, Threat and vulnerability management
- Experience with vulnerability scanners, vulnerability management systems, patch management and host-based security systems
- Knowledge of networking and the common network protocols
- Demonstrated ability to create scripts to automate processes in PowerShell, Python or Bash
- Demonstrated ability to perform static and dynamic malware analysis
- Demonstrated ability to analyze large data sets and identify anomalies
- Demonstrated ability to quickly create and deploy countermeasures under pressure
- Familiarity with common infrastructure systems that can be used as enforcement points
- Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals
- Project Management skill is a plus
- Experience working with cloud technologies (AWS, Azure, GCP or OCI) is highly desired
Basic to Intermediate professional role. Moderate skills with high level of proficiency. Works under general supervision with increased latitude for independent judgment. Identifies non-routine issues and routes/escalates to appropriate team member. Works on multiple concurrent projects of medium complexity. Is an active team member, contributes to complex projects to gain experience, shares ideas and suggests process improvements appropriate for level of experience. Consults with senior peers on semi-complex processes to learn through experience. Typically requires a minimum of 3 - 5 years of experience in security-related fields or related disciplines.
Educational and Certification Requirements
A degree in Information Technology, Computer Science or related field is highly desirable. Certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), CompTIA Security+ is highly desired.
Why you’ll love us.
- We’ve evolved; we provide three work environment scenarios. You can feel like a Newfolder in a work-from-home, hybrid or work-from-the-office environment.
- Work-life balance. Our work is thrilling and meaningful, but we know balance is key to living well.
- We celebrate one another’s differences. We’re proud of our culture of diversity and inclusion. We foster a culture of belonging. Our company and customers benefit when employees bring their authentic selves to work. We have programs that bring us together on important issues and provide learning and development opportunities for all employees. We have 20 + affinity groups where you can network and connect with Newfolders globally.
- We care about you. We provide excellent Health Insurance options to fit you, HSA, Medical, Dental, Vision, Matching 401K, Life/AD&D/STD/LTD, Tuition Reimbursement, Pet Insurance, Generous vacation policy, and much more!
- Where can we take you? We’re fans of helping our employees learn different aspects of the business, be challenged with new tasks, be mentored, and grow their careers. Unfold new possibilities with #teamnewfold!
Employment with Newfold Digital is at-will and nothing in this Job Description should be interpreted or construed to alter the at-will employment relationship.
