At over 45 years old and counting, B&H has built a reputation as the trusted resource for photography and videography enthusiasts via its NYC SuperStore and its award-winning website. Long known as "The Professional’s Source", B&H is recognized by savvy consumers worldwide for its honest, knowledgeable guidance, expert tips and articles… and always-great prices.B&H offers competitive salaries, medical benefits, a 401K plan, employee discounts and opportunities to grow within a high-energy, low-attitude environment. Make your move to B&H today!

Job Overview: The Information Security Specialist Level 3 (Security Analytics) is responsible for Threat Response and Security Incident Handling. S/he supports day-to-day Information Technology (IT) security operations and event investigation. The Specialist is involved with employee technology on-boarding, off-boarding, logical access control, and access entitlement review for internal and cloud systems. This role provides IT Security Information and Event Management (SIEM), log management, security incident management, and forensics. This individual serves a key role providing a holistic view of an organization's IT security preparedness and response to cyber threats.

Essential Responsibilities:

• Lead Enterprise Vulnerability and Patch Management initiatives that advance business objectives in a manner that matches business appetite for risk

• Improve security awareness regarding evolving threats and common vulnerabilities

• Assist with examination of security controls (i.e., facilitate internal and external audits, compliance reporting, and management attestation)

• Examine operational effectiveness of security controls and design automation when valuable

• Develop cyber security analytics and threat intelligence using multiple data sources using SIEM

• Provide 2nd level support to Security Operations Center (SOC)

• Configure security tools and sensors to alert on certain risk conditions

• Examine cyber adversary techniques in order to develop defensive methodologies

• Explore the security event alerting and auditing capabilities of various technology (e.g., Microsoft Windows, SQL, Email, Firewalls, IPS, AV, applications, etc.) and establish configuration standards

• Assist Computer Emergency Response Team (CERT) with cyber threat detection and prevention

• Responsible for Security Data Analytics, SOC 2nd Level Support, Threat Intelligence and Security Risk Reporting

• Formally establish PVG, inventory of software in scope for patching, and risk register.

• Explore solutions (e.g., dashboard) to improve management visibility into vulnerabilities and service provider remediation progress.

• Advocate security awareness in build and operations. Become involved in planning of projects to consider security early on. Lead SANS Secure the Human (STH) rollout to key employees and developers.

• Facilitate PCI DSS 3.0 audit

• Vulnerability Scanning and Penetration Testing, key control testing, Data Leakage Detection and Scanning, and Identity and Access acceptable use monitoring

• Responsible for employee technology on-boarding, off-boarding, logical access control, and access entitlement review for internal and cloud systems

  Additional Responsibilities:

• Recurring reporting to IT Management demonstrating operational effectiveness of security controls

• Grow professional expertise with threat response and incident handling – obtain GCIH certification

  Specific Knowledge, Skills and Abilities:

• Knowledge of information technology including Microsoft Windows, Linux, office automation (e.g., Microsoft Word, Microsoft Excel, Microsoft Outlook, etc.), email, databases.

• Understanding of networking concepts and technologies including Routing, Switching, NAT, OSI Model, etc.

• Strong knowledge of common information security concepts such as anti-virus, logical access control, firewalls, intrusion prevention, least privilege, separation of duties, etc.

• High level of analytical and problem-solving abilities

• Aptitude to learn new technology product and concepts

• Ability to manage multiple projects and multiple deadlines in an organized fashion

• Interest to learn scripting languages, macros, programs, and regular expressions

• Understanding of basic data analysis and management concepts

• Ability to communicate clear call to action verbally and in written form

• Desire to learn new products and techniques to safeguard information systems and data

• Ability to work independently to advance daily duties as well as collaboratively with multiple teams to advance projects

• Experience with Splunk, analytic development, data mining, data visualization, or machine learning is also helpful.

• Experience with Data Warehouse and Business Intelligence (BI) tools desired but not required

• Ability to author technical and management risk reports

  Preferred Education, Experience and Licenses:

• Minimum Education Required: Associate Degree in Information Assurance, Computer Science, Mathematics, or Business Administration or related field or equivalent job-related experience.

• Education Desired: Bachelor Degree in Security Management, Information Assurance, Computer Science, Mathematics, or Engineering or related field

• ISC2 CISSP or ISACA CISM/CISA professional certification preferred

• 10 years of experience in IT or in role that requires regular use of Information Technology and Data Management.

• 2 years of experience with Security Information and Event Management (SIEM) products (e.g., Splunk, ArcSight, LogLogic, etc.) preferred

• Experience in Retail desired, but not required

  We are an Equal Opportunity Employer. All persons shall have the opportunity to be considered for employment without regard to their race, color, religion, national origin, ancestry, alienage or citizenship status, age, disability or handicap, sex or gender, marital status, veteran status, sexual orientation, arrest record, or any other characteristic protected by applicable federal, state or local laws.We will endeavor to make a reasonable accommodation to the known physical or mental limitations of a qualified applicant with a disability unless the accommodation would impose an undue hardship on the operation of our business. If you believe you require such assistance to complete this form or to participate in an interview, please let us know.

Job Details

Job Family Information Systems

Pay Type Salary

Hiring Min Rate 109,000 USD

Hiring Max Rate 136,000 USD