Analysis Group, Inc.

  • Network Security Engineer

    Locations US-MA-Boston
    Category
    Information Technology
  • Overview

    Analysis Group is one of the largest economics consulting firms, with more than 900 professionals across 14 offices in North America, Europe, and Asia. Since 1981, we have provided expertise in economics, finance, health care analytics, and strategy to top law firms, Fortune Global 500 companies, and government agencies worldwide. Our internal experts, together with our network of affiliated experts from academia, industry, and government, offer our clients exceptional breadth and depth of expertise.

     

    The Network Security Engineer assists in maintaining the security of Analysis Group’s network infrastructure. In addition, the Network Security Engineer is responsible for related operational activities, such as the configuration, installation, monitoring, maintenance, upgrading, patching and associated troubleshooting of Analysis Group’s systems. This position is also responsible for analyzing and resolving identified vulnerabilities and security incidents in a timely and accurate fashion, and provides end user and IT security training where required.
     

    Essential Job Functions and Responsibilities:

    • Conduct internal vulnerability and security scans of Analysis Group’s network infrastructure (i.e. databases, operating systems, network devices, etc.)
    • Manage and review external vulnerability scans conducted by Qualys
    • Conduct subsequent analysis of scan results to assign overall risk levels to systems
    • Work independently and with various IT teams to mitigate identified vulnerabilities based on applicable risk
    • Review and analyze vulnerabilities that have been identified as being required for functionality; and develop mitigation plans
    • Provide technical guidance and hardening recommendations for new systems currently in the design phase
    • Attend and support infosec related system design reviews and other technical meetings
    • Develop scripts to simplify data collection that are necessary to occur throughout the scanning and vulnerability assessment process
    • Work with third parties to conduct yearly external penetration testing of critical systems
    • Evaluate the latest vulnerability, network discovery, penetration, and other security evaluation tools
    • Manage and maintain Dell Secureworks Managed SEIM platform, on board new systems, monitor and manage alerts through to resolution
    • Research, recommend, implement and manage solutions to improve our logging capabilities in areas such as CIFS logging, IDS/IPS, firewall, AV, log aggregation and reporting
    • Research, recommend and implement solutions to constantly improve the firms overall security posture
    • Assist with the completion of various client security assessment questionnaires

     Qualifications:

    • University degree in computer science or electrical engineering and 5+ years equivalent work experience
    • Information Assurance Certifications (i.​e.​ CISSP, CISA, GIAC, Security +​)
    • Excellent verbal/​written communications skills
    • Firm understanding of Windows and Linux system administration and security
    • Network vulnerability scanning and remediation
    • Demonstrated knowledge of SEIM and logging solutions.
    • Operating systems: Windows, Unix, Linux
    • Vendor-Specific Certifications (i.​e.​ MCITP, CCNA, SCSA)
    • Familiarity with regulations and standards such as PCI, NERC/CIP, SOX, HIPAA/HITECH, FFIEC, EU Privacy Laws, ISO, COBIT, NIST SP800-92, NIST SP800-94, NIST SP800-53
    • Patching tools such as Altiris or Kace
    • Scanning and evaluation tools: Nessus, Qualys, Wireshark, NMAP, etc.​ 

     

     

                   

    ­

     

    • Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
    • Please view Equal Employment Opportunity Posters provided by OFCCP here.
    • The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed