Senior IT Security Analyst
Alameda, CA

Job Description

The Security Analyst will play a key role in helping establish our security team at Exelixis by focusing on enhancing the security posture of our corporate infrastructure and organization. The information security analyst works closely with the other members of the department to develop and implement a comprehensive information security program. This includes defining and implementing security policies, processes, and standards. The security analyst selects and deploys technical controls to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained.

Position Requirements

ESSENTIAL DUTIES AND RESPONSIBILITIES:

* Integrate with various teams on technology initiatives to improve security of our systems and operations.
* Document policies, processes, and controls.
* Evaluate and enforce IT security controls, security policies, and secure computing practices.
* Perform scheduled vulnerability scanning, patch management and reporting.
* Assess and manage vendor risk.
* Manage a diverse set of security platforms and generate reports for senior leadership consideration.
* Operate SIEM and other intelligence systems to monitor the environment for actionable events.
* Manage security tools and services for authentication, authorization and other security services.
* Participate in monthly, quarterly and annual security and compliance audits by providing evidence and metrics, and improving the process through tools and automation.
* Coordinate incident response, analysis, remediation, and cleanup.
* Partner and coordinate with Security service providers.
* Follow industry and Exelixis best practices and procedures in a SOX and an FDA regulated environment.
* Mentor and cross train team members.
* Work off hours and weekends as required.
* 24/7/365 on-call availability for emergency escalations.

SUPERVISORY RESPONSIBILITIES:

* None

EDUCATION/EXPERIENCE/SKILLS:

Education:

BS/BA degree in related discipline and five years related experience; or,

Equivalent combination of education and experience

IT Security Certifications (SANS, ISACA, (ISC)2, GIAC, etc.)

Experience:

Five or more years of experience in IT Security or related Infrastructure administration in a highly available and production environment

Technical lead experience is preferred.

Experience working in a SOX and FDA regulated environment is a plus

Knowledge/Skills/Abilities:

* Minimum of four years' experience implementing and following security frameworks or compliance standards, such as PCI-DSS, CIS Controls, NIST, COBIT, etc..
* Certifications or training that demonstrate a commitment to continued professional information security advancement.
* Working knowledge and experience with security such as vulnerability management, incident response, threat management, and others.
* Strong CLI and scripting language experience (Python, PowerShell, etc..)
* Strong knowledge of DNS, network protocols, firewalls, VPNs, web application firewalls, email security, IPS/IDS, SIEM, DLP, cryptography, application whitelisting and endpoint protection.
* Ability to engage and collaborate with employees to leverage security to help the organization succeed.
* Experience assessing, designing, and implement network and security solutions for corporate and Cloud-based network.
* Strong ability to interface with internal customers and technical staff. Strong customer-facing skills (oral, written and verbal skills); ability to define and articulate complex process flows.
* Ability to organize and prioritize numerous tasks and completes them under time constraints.
* Ability to work with minimal guidance, to adapt to frequent priority changes, and response to ad-hoc requests

JOB COMPLEXITY:

* Works on problems of extremely diverse scope and complexity where analysis of data may require evaluation of identifiable factors.
* Demonstrates good judgment in selecting methods and techniques for obtaining solutions.
* Develops relationships with senior internal and external personnel in area of expertise.
* Resolves a wide range of issues in creative ways and/or using a combination of applied company procedures.

DISCLAIMER

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.