IT SECURITY ANALYST
San Jose, CA
We live in a mobile driven world where technology is constantly improving. Semiconductor manufacturers need a partner as they pioneer and drive the most advanced integrated circuits (ICs) ever made. FormFactor is the world’s leading supplier of semiconductor test and measurement products used to test the ICs that power the majority of smart phones and tablets on the planet, as well as electronic systems used in computing, consumer, automotive, Artificial Intelligence (AI) and other applications. We are a big company with a small time feel. Working at FormFactor gives you the opportunity to work with cutting edge technology, have a direct influence on next generation products hitting the market and drive the overall growth and development of the semiconductor industry.
We are a fast-paced, agile, growing company that values diversity of thought and constantly strives for a more diverse, inclusive environment. We are looking for enthusiastic, talented individuals who can thrive in a changing and challenging environment.
Our Information Technology team is seeking an additional team member to manage the security measures to protect FormFactor's systems, networks, and data. Under the direction of the IT Infrastructure & Security Manager, the IT Security Analyst is responsible for the day-to-day operations of the in-place security solutions, participate in the detection, identification, investigation, and resolution of security breaches detected by those systems. The position is also responsible for setting guidelines and procedures as well as conducting vulnerability audits and assessments. Other tasks may include involvement in the implementation of new security solutions, monitor the networks for security issues, install security software, and document any security issues or breaches.
The IT Security Analyst is expected to be fully aware of the company’s security framework and roadmap goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Participate in the planning and design of corporate security architecture
- Demonstrate foresight in recognizing potential or existing security issues, vulnerabilities, and threats and work with cross-functional teams to implement remediation
- Recommend additional security solutions or enhancements to current security solutions to improve overall enterprise security
- Perform the deployment, integration and initial configuration of all new security solutions and any enhancements to existing security solutions following standard best operating procedures generically and the enterprise’s security documents specifically
- Participate in the creation of corporate security documents (policies, standards, baselines, guidelines, and procedures)
- Participate in the planning and design of the corporate Business Continuity Plan and Disaster Recovery Plan
- Stay up-to-date on the latest security intelligence, including hackers’ methodologies, in order to anticipate security breaches
- Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.)
- Tune security events and correlation from applicable security products and sources
- Promote security awareness and practices among staff and employees
- Perform network traffic analysis, host behavior analysis, PC forensics, kill chain, windows event analysis, etc. to effectively detect and protect company assets
- Produce a monthly security operations dashboard with key performance indicators (incidents, metrics, security threats, intelligence, etc.)
EDUCATION, EXPERIENCE, AND SKILLS
- Bachelor’s degree in Information Technology or Information Security or substantial work experience required
- Must have 5 years of hands-on working knowledge of various security technologies (PAN or Cisco Firewalls and VPN, NAC, Endpoint Protection Platforms, File Integrity Management, IPS/IDS, Application Firewalls, Vulnerability Scanner, Web Proxy, Content Filtering, MFA, SIEM Logging & Monitoring, and DLP)
- 3 years of hands-on experience in incident management with critical incident and security event response
- Good working experience implementing network and host security policies
- Good working knowledge of cloud and email infrastructure security
- Ability to work and lead on multiple projects simultaneously
- Strong understanding of IP, TCP/IP, and other network administration protocols
- Excellent interpersonal skills and ability to communicate on all levels with management and all end-users
One or more of the following certifications is desirable:
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security+
- GIAC Information Security Fundamentals
- CCNA and/or MSCE/MCITP Enterprise Administrator
- Associate of (ISC)2
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Excellent written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues and products as required.
FormFactor is committed to providing a work environment where everyone is treated with dignity and respect. We are an Equal Employment Opportunity (EEO) employer and are committed to compliance with all Federal, State, and local laws that prohibit employment discrimination on the basis of age, race, color, sex (including breastfeeding and related conditions), gender (including gender identity and gender expression), national origin, ancestry, sexual orientation, religion, physical or mental disability, marital status, registered domestic partner status, medical condition, military or veteran status, genetic characteristics or information, or any other legally protected characteristic. These protections extend to all employment and management decisions including, but not limited to, recruiting, hiring, training, promotions, pay practices, benefits, disciplinary actions and terminations, and all other terms and conditions of employment.