Security Monitoring Analyst Expedia, Inc. - Gurgaon, Haryana Position Description Position Overview: Security Monitoring Analyst Do you have a passion for security? If so, this is an excellent opportunity to join the global leader in online travel and a leading team of experts in ecommerce security. Expedia, Inc. is looking for a talented information security professional to join our Enterprise Information Security (EIS) team. This team is responsible for the security of all Expedia information assets in both our corporate and ecommerce environments across multiple global sites. The Security Analyst role is focused on monitoring, assessing, and continually improving the reporting and alerting capabilities of the Information Security Team. The candidate will be expected to display a solid grasp of information security concepts and principles with a rich background of execution demonstrating this knowledge. Working with operations, engineering, incident response, developers, and other technical and non-technical staff, the candidate must gather data from various teams and tools and collect that into a comprehensive view to perform analysis and reporting. Additionally, the candidate must have some knowledge of system security design, network security best practices and principles of software assurance. Sharp analytical skills, organizational skills, ingenuity and the ability to effectively communicate and work as part of a team are required. Responsibilities: - Gather reporting requirements ,turning them into consumable outputs - Take the lead on compiling data from various sources into a consolidated view of actionable information (e.g., a SIEM) - Proactively recommend process, tool, secure development methodology improvements - Regularly keep management abreast of security issues and their potential risk impact to the business - Ensure adequate protections for Data at rest exist in compliance with regulatory and policy constructs (PCI DSS, Corp. policy and standards, etc) Qualifications: - Familiarity with a wide range of information security technologies such as access controls, intrusion detection/prevention systems, server technologies, networking components, remote access technologies, endpoint security solutions - Must possess at least one current form of the following certifications - CISSP, CISA, CISM, CCIE, MCDBA - Familiarity with one or more of the following - Symantec DLP, ArcSight, Archer, MS SQL (including reporting and analytics services), Oracle DB (- including reporting and analytics services), OLAP tools and processes - Ability to interpret and apply appropriate Standards, Policy and Legislative control requirements, e.g., ISO 27001, PCI DSS, EU Data Protection Directive - High level knowledge of technical security deficiency / vulnerability reports and ability to reason through assessing effectiveness of deficiency / vulnerability remediation plans - Candidate should be highly technical and knowledgeable about enterprise level IT Operations. - Self-starter with a willingness to learn and adapt with pace of work environment - Good interpersonal and communication skills - both written and verbal. - Understanding of Security as an enabler for the business, not an inhibitor Work Experience and Education Guidelines: - Bachelors Degree in Computer Science, Engineering, Information Systems, BS Degree in a technical course or equivalent experience. - A minimum of 3 years of demonstrated experience is required, 5+ is preferred; however all equivalent experience will be considered Core Competencies: - Experience with SQL server, and querying large data structures - Experience with Splunk or Netcool - Experience working with Engineering, development, and business teams to understand business needs - Secure Development Lifecycle concepts and methodologies - Familiarity and capability of owning a program end-to-end at an enterprise level - preferably as a project manager or key stakeholder responsible for delivery - In depth knowledge of reporting and analytics tools, processes, and methodologies - Work with tools in a hands-on manner to monitor, detect, and report on security matters - Use data to help expose and report on policy and compliance issues in an e-Commerce environment - Providing recommendations on findings that tie back to risk handling strategies - Relational database use to support a security organization About Expedia, Inc. Our mission is to revolutionize travel through the power of technology. Collectively, the Expedia, Inc. brands cover virtually every aspect of researching, planning, and booking travel, from choosing the best airplane seat, to reading personal travel reviews of hotels, to planning what to do in a destination once you arrive. The Expedia, Inc. portfolio serves both leisure and business travelers with tastes and budgets ranging from modest to luxury. Expedia delivers consumer travel demand from nearly every continent to nearly 149,000 hotels and hundreds of airlines, tour operators, car rental companies and destination services supply partners. Please visit company website to learn more about our travel brands. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employees I-9 to confirm work authorization*LI-HS1 apply:- lifeatexpedia/
Posted on: Sat, 23 Nov 2013 16:22:15 +0000
Trending Topics
Recently Viewed Topics
© 2015