Share this Job

Senior Information Security Analyst

Tapestry

New York, NY, US

Come, be part of our Tapestry.

Defined by inclusivity rather than exclusivity, Tapestry is a global house of brands that embraces the exploration of individuality. Every individual in our global house has the opportunity to make an impact, learn and be part of our growing, beautiful, and unique story.

At Tapestry, we have the freedom to express ourselves and run with our best ideas across Coach, Kate Spade New York, and Stuart Weitzman. We share a profound belief in both our individual and collective potential, and know that with hard work and dedication, anything is possible.

 

Overview:

The Information Security Analyst will be responsible for analyzing events, conducting vulnerability assessments, identifying threats, reporting security findings and recommending corrective actions for the relevant operational teams. He/she will be granted access to industry leading security tools and among other Infosec members will be responsible for the administration and maintenance. The ideal candidate must be able to work independently and have solid project management skills.

 

 

The key responsibilities of the role are:

  • Review and analyze alerts and logs from server hosts, Firewalls (FW), Intrusion Detection Systems (IDS), Antivirus (AV), UBA, and other security threat data sources.
  • Maintain SIEM/log management solution, including data collection, aggregations, and regular exception reporting, Network Hierarchy, Content Extensions, version upgrades and patches.
  • Assist with the HW and Software upgrade of the SIEM (Qradar) appliances, deployment expansion and migration from the on-premises solution to the Cloud.
  • Assist with threat management tasks, including threat hunting, threat intelligence feeds and implementing Qradar apps supporting this operation.
  • Manage the security operations among all brands by analyzing and/or escalating security events found internally or via Managed Security Service Providers to our IT and business partners.
  • Monitor and distribute security notifications in adherence with the established notification / security information sharing protocols.
  • Assist with formulation and distribution of Information Security Metrics that demonstrate security coverage and remediation effectiveness.
  • Assists with review of Network and Application vulnerability scan alerts and reports.
  • Identify and resolves false positive findings in assessment results
  • Work closely with QSAs and business teams to identify requirements for PCI regulatory compliance; Follow-up on outstanding audit findings, document new or updated applications and/or technology infrastructure elements, etc.
  • Monitor and maintain compliance with all applicable configuration standards

 

Required Skills:

  • Technical expertise in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, IPSEC, HTTP, TLS, DNS etc.)
  • Technical expertise in security engineering, cloud computing (AWS/Azure), system and network security, authentication and security protocols, cryptography, and application security
  • 3-5 years hands-on experience with QRadar SIEM administration and security analyst use
  • 2-3 years of experience with vulnerability scanning and web application testing tools
  • Strong understanding of Data Security and Regulatory Standards including Payment Card Industry (PCI), Sarbanes-Oxley (SOX) and NIST Cybersecurity Framework (CSF).
  • Strong critical thinking and problem-solving skills
  • Excellent written and oral communications skills
  • Ability to understand business needs and commitment to delivering high-quality, prompt, and efficient service to the business

 

Typical Education and Experience:

  • BS in Computer Science, Information Security, or a related field
  • 3-5 years of past experience in information security, especially in an analyst role on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC)
  • Industry Certifications such as CISSP, CISM, CISA, CEH are considered a plus

Tapestry, Inc. is an equal opportunity and affirmative action employer and we pride ourselves on hiring and developing the best people. All employment decisions (including recruitment, hiring, promotion, compensation, transfer, training, discipline and termination) are based on the applicant’s or employee’s qualifications as they relate to the requirements of the position under consideration. These decisions are made without regard to age, sex, sexual orientation, gender identity, genetic characteristics, race, color, creed, religion, ethnicity, national origin, alienage, citizenship, disability, marital status, military status, pregnancy, or any other legally-recognized protected basis prohibited by applicable law. #LI-AH1 Visit Tapestry, Inc. at http://www.tapestry.com/

Req ID:  52312