Tier Ii Information Security Analyst- Remote

Tier II Information Security Analyst- Remote or Hybrid | Cary, North Carolina

Nice to meet you!  

We’re the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers.

We’re also a debt-free multi-billion-dollar organization on our path to IPO-readiness. If you’re looking for a dynamic, fulfilling career coupled with flexibility and world-class employee experience, you’ll find it here.

About the job  

We’re looking for a Tier II Information Security Analyst to join our Global Information Security Operations Team. You will be responsible for helping protect SAS by developing and executing innovative security controls, defenses and countermeasures designed to help prevent internal and external attacks. Candidates should possess a diverse set of skills including security monitoring, security operations tool development, risk assessment, log analysis, threat hunting, incident response, automation, endpoint detection and response, consulting and providing guidance about security best practices, and providing compliance evidence. 

As a Tier II Information Security Analyst you will:  

• Create and update documentation and train junior-level engineers. 
• Identify opportunities for improving threat detection capabilities through tuning and implementation of new detection rules
• Triage security alerts and respond to security incidents as part of the Incident Response Team. 
• Evaluate and provide guidance on secure data flow through firewalls
• Research attempted or successful efforts to compromise systems’ security, perform root cause analysis, and design countermeasures. 
• Utilize analytical and investigative processes to perform threat hunting activities across the organization.
• Research latest security best practices, staying abreast of new threats and vulnerabilities and helps disseminate this information to appropriate groups within the organization.
• Operational knowledge of security solutions such as IDS/IPS, Web Security, MFA, DLP, EDR, and cloud security tools. 
• Coordinate and execute security projects for the organization. 
• Routinely conduct security risk assessments on networks and systems and makes recommendations to management to improve security and avoid negative impact on the business caused by theft, destruction, alteration, or denial of access to information, and systems. 

Required Qualifications

• Ability to juggle multiple projects and priorities. 
• Demonstrate experience with the following systems:
• 5+ years' of information security experience. 
• Demonstrated experience of various IT platforms (i.e. networking, system admin, programming, etc.).
• Strong communication and interpersonal skills as you will be interfacing with many internal customers. 
• Bachelor's degree in Computer Science, Engineering, or a related quantitative field.
• Must possess or be able to obtain one or more of the following certifications: CISSP, GIAC, CEH, or other related certification.

• Web content filtering
• Scripting languages
• Intrusion detection and prevention (IDS/IPS)
• Endpoint Detection & Response (EDR)
• Cloud technologies (e.g. AWS & Azure)
• Data Loss Prevention (DLP)
• • Enterprise ticketing systems (e.g. ServiceNow)
  • Cloud technologies (e.g. AWS & Azure)
  • Scripting languages
  • Log management/SIEMs
  • Intrusion detection and prevention (IDS/IPS)
  • Web content filtering
  • Data Loss Prevention (DLP)
  • Endpoint Detection & Response (EDR)
  • Network Firewalls
• Log management/SIEMs
• Enterprise ticketing systems (e.g. ServiceNow)
• Network Firewalls

• Equivalent combination of education, training, and relevant experience may be considered in place of the requirements stated above.
• You’re curious, passionate, authentic, and accountable. These are our values and influence everything we do. 

Preferred Qualifications

• Microsoft Azure experience
• Experience with at least one scripting language

World-class benefits  

Highlights include...

• Volunteer Time Off, parental leave and unlimited paid sick days.
• Onsite Health Care Center (HQ) that’s free to employees and covered family members.
• Comprehensive medical, prescription, dental and vision plans with a low annual deductible and copays.
• An industry-leading 401k plan.
• Onsite pharmacy (HQ) where a 30-day supply of any generic drug costs $5 or less. Not local? They ship for free.
• Generous childcare benefits for all full-time employees
• Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.

Diverse and Inclusive  

At SAS, it’s not about fitting into our culture - it’s about adding to it. We believe our people make the difference. Our diverse workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers. Our commitment to diversity is a priority to our leadership, all the way up to the top; and it’s essential to who we are. To put it plainly: you are welcome here.

Additional Information

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity/Affirmative Action employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Know Your Rights. Also view the Pay Transparency notice.

Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact [email protected].