Reports To: Paul Fang
Bachelor’s Degree or Equivalent experience
The Information Security Analyst (ISA) is an essential and instrumental part of the IT Security team providing hands-on day-to-day security administration along with conducting audits, assessments, investigations, training and operational duties. In addition, the ISA works with multiple functional areas to identify and recommend solutions on security-related issues, and provides expertise and hands-on security administration of a broad range of security duties.
The ISA implements and manages information security measures to ensure and protect the confidentiality, integrity, and availability of BeiGene’s assets. The position is responsible for monitoring, reviewing, analyzing and evaluating the on-going security of BeiGene’s environment and ensuring compliance with policy and standards.
Essential Functions of the job:
- Ensures adherence to BeiGene Information Technology policies, standards and procedures
- Executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company data or systems
- Correlates actionable security events, performs network traffic analysis using raw packet data, net flow, IDS/IPS, etc.
- Describes, tests and validates security measures active on security infrastructure devices for the protection of computer systems, networks and information systems
- Performs regularly scheduled vulnerability scans and prepares associated reports
- Assists with security risk assessments and vulnerability evaluations
- Coordinates and performs periodic penetration testing to determine vulnerabilities and appropriate controls to prevent, detect or respond to future events
- Determines security violations and inefficiencies through security tests, evaluations and internal audits.
- Helps to conduct compliance assessments to ensure security of information systems; develops and maintains documentation
- Performs incident response, investigation, analysis, resolution and reporting activities
- Assists to identify intrusion or incident method, preserves evidence and drafts investigation reports
- Participates in root cause analysis of critical security events to improve processes
- Coordinates and delivers security awareness training
- Monitors sources (e.g. NVD, IAVA, IAVB, OTX) for new vulnerabilities
- 5 years of experience in information security operations and information security principles/practices including concepts, methods and procedures
- Strong hands-on experience with implementing and monitoring security methods and control techniques such as firewalls, AV, IDS/IPS, VPN, DLP, SIEM, file integrity monitoring, vulnerability scanning, penetration testing, data encryption, backup and disaster recovery, or other security-related technologies
- Strong experience in monitoring, researching, resolving and security incidents
- Strong experience in root cause analysis of security events/breaches and performing incident response, investigation, analysis, forensics, resolution and reporting
- Experience in designing, reviewing, and auditing secure network, systems, and application architectures
- Working experience with utilizing SIEM systems such as AlienVault, Splunk or similar
- Experience with executing security controls, defenses and countermeasures to intercept and prevent attempts or attacks
- Experience in conducting risks assessments and vulnerability evaluations
- Knowledge of and working experience with NIST, ISO, SOX, GMP, and/or other recognized industry security frameworks and compliance standards and best practices
- Experience with E-mail security and archiving solutions such as Mimecast, Proofpoint or similar
- Experience with security in DNS, DHCP, TCP/IP, Active Directory, and network topologies
- Experience with AWS Azure/O365 and cloud PaaS security
- Relevant industry certification(s), such as: Cisco CCNA/CCNP Security, CEH, CISSP, ISSAP/ISSEP
Ethics – Treats people with respect; Inspires the trust of others; Works with integrity and ethically; Upholds organizational values.
Planning/Organizing – Prioritizes and plans work activities; Uses time efficiently. Completes administrative tasks correctly and on time. Follows instructions and responds to management direction.
Communication – Listens and gets clarification; Responds well to questions; Speaks clearly and persuasively in positive or negative situations. Writes clearly and informatively. Able to read and interpret written information.
Teamwork – Balances team and individual responsibilities; Gives and welcomes feedback; Contributes to building a positive team spirit; Puts success of team above own interests; Supports everyone’s efforts to succeed. Contributes to building a positive team spirit; Shares expertise with others.
Adaptability – Able to adapt to changes in the work environment. Manages competing demands. Changes approach or method to best fit the situation. Able to deal with frequent change, delays, or unexpected events.
Technical Skills – Assesses own strengths and development areas; Pursues training and opportunities for growth; Strives to continuously build knowledge and skills; Shares expertise with others.
Dependability – Follows instructions, responds to management direction; Takes responsibility for own actions; Keeps commitments; Commits to long hours of work when necessary to reach goals; Completes tasks on time or notifies appropriate person with an alternate plan.
Quality – Demonstrates accuracy and thoroughness; Looks for ways to improve and promote quality; Applies feedback to improve performance; Monitors own work to ensure quality.
Analytical – Synthesizes complex or diverse information; Collects and researches data; Uses intuition and experience to complement data.
Problem Solving – Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully.
Project Management – Communicates changes and progress; Completes projects on time and budget.