Security Operations Analyst

The role of the Security Operations Analyst is fundamental to the establishment and upkeep of a robust integrated security program. This program is designed to safeguard the integrity, confidentiality, and availability of our information systems assets. The analyst plays a pivotal role in ensuring the resilience of our security infrastructure by performing security administration functions and offering technical support on security-related matters to end-users. Key responsibilities include overseeing and monitoring computing practices across the organization to guarantee the security of individual and departmental access, rights, resources, and sensitive information. By doing so, the Security Operations Analyst acts as a guardian, proactively identifying and addressing potential vulnerabilities to prevent security breaches. In essence, this role is essential for maintaining a secure digital environment where our information assets are shielded from unauthorized access, and the confidentiality and availability of sensitive information are upheld. The analyst's work is integral to fostering a culture of cybersecurity, contributing to the overall resilience and reputation of our organization in the face of evolving cyber threats.

Essential Functions:

• Perform security-monitoring functions on various platform types: network devices, servers, applications, and databases.   
• Monitor SIEM (firewalls, servers, and web proxies), IDS/IPS, WAF logs to identify malicious activity and attack patterns and participate in the incident response process when suspicious activity is noted. 
• Prepare and analyze incident investigation reports on security violations reported by end-users or noted through the monitoring process, in accordance with defined investigation procedures.     
• Monitor security related websites and email distributions to possess knowledge of common exploits, vulnerabilities and countermeasures.  Escalate any high-risk security threats to the Information Security Management.
• Assist in implementation of corporate security policy functions/procedures that align to security mandates/standards that include Sarbanes-Oxley, HIPPA, and PCI compliance.
• Routinely monitor and perform periodic audits to ensure production environments maintain necessary controls, integrity, and accessibility of data.  Analyze vulnerabilities and develop recommended action plans to mitigate risks.
• Perform policy compliance (hardening) checks to enforce security standards on network devices, endpoints (Windows, Open Systems, etc.), databases, and enterprise applications. 
• Coordinate information between GISCS and other departments to ensure security measures are enforced as requested by his/her manager.
• Assist in maintaining policy and procedures that are designed to protect designed computer programs, databases and data files from unauthorized or accidental duplication, modification or destruction.
• Configure and monitor security products, which include: anti-virus (A/V), APT, DLP, WAF, web content filtering, IDS/IPS, vulnerability scanners, forensics tools, SIEM, database monitoring, and e-mail content filters.

Qualifications: 

• Bachelor's degree in Information Systems or Computer Science Related
• Industry recognized technical certification desired (MCSE, CCNA, CISSP, CISA, Security+)

Knowledge, Skills and Abilities:

• Minimum 2 years' experience working with the following solutions: anti-virus, APT detection, data loss protection (DLP), WAF, web content filtering, IDS/IPS, vulnerability scanners, forensics tools, SIEM, DB monitors.
• Experience working with networking device components (i.e., managed switches, routers, and firewalls).
• Experience managing web content filtering, spam e-mail filtering, and e-mail related incidents.   
• Experience with managing vulnerability scanning (static/dynamic) and penetration testing.         
• Familiarity with fundamentals in networking/distributed computing environment concepts; ability to configure and/or correlate information in DNS, and understands basic network routing concepts.   
• Broad technical knowledge and experience which includes the following: TCP/IP, Active Directory, Microsoft Windows platforms (desktop/server), Open System platforms (desktop/servers), database platforms (SQL/Oracle)   
• Programming and/or scripting experience preferred (e.g., Perl, Batch, or C)                                                                         
• Service-oriented and must work easily with end users, IT administrators, and management.     
• Excellent oral and written communication skills 
• Ability to administer and interpret information security policies     
• Strong organizational and analytical skills     
• Ability to multi-task and handle changing priorities

Physical Demands: Must be able to remain in a stationary position at a desk and/or computer for extended periods of time.

Travel: No or very little travel likely

Work Conditions: Work primarily in a climate-controlled environment with minimal safety/health hazard potential.

The range for this role's base salary is $51,600 - $90,000.  Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.  

At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival's discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including:

• Health Benefits:
  • Cost-effective medical, dental and vision plans
  • Employee Assistance Program and other mental health resources
  • Additional programs include company paid term life insurance and disability coverage 
• Financial Benefits:
  • 401(k) plan that includes a company match
  • Employee Stock Purchase plan
• Paid Time Off
  • Holidays - All full-time and part-time with benefits employees receive days off for 7 company-wide holidays, plus an additional floating holiday to be taken at the employee's discretion. 
  • Vacation Time - All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year.  All employees gain additional vacation time with further tenure.
  • Sick Time - All full-time employees receive 80 hours of sick time each year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.  
• Other Benefits
  • Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends
  • Personal and professional learning and development resources including tuition reimbursement 
  • On-site preschool program and wellness center at our Miami campus

#LI-Hybrid

#LI-RM2