Information Security Analyst (Associate II)

About BPM:

BPM is a full-service accounting firm providing comprehensive assurance, tax, and consulting services to clients globally. We are one of the largest California-based accounting firms and have built our success by focusing on our clients and our people. Our client base encompasses a complex array of sophisticated clients that keep our staff intellectually challenged every day.

Our people-centered culture and firm motto “Because People Matter” has allowed us to be consistently recognized as one of the Best Places to Work in the Bay Area. We are dedicated to providing meaningful careers for all of our employees along with fostering an environment that allows an integrated lifestyle. Our flexible culture allows our professionals to live a balanced lifestyle between their work responsibilities and personal commitments. 

Burr Pilger Mayer India Pvt. Ltd. (BPM India) is a subsidiary of BPM LLP. Founded in 1986, BPM is one of the largest California-based accounting and consulting firms, ranking in the top 35 in the country. With 14 different office locations, BPM serves emerging and mid-cap businesses as well as high-net-worth individuals in a broad range of industries, including financial services, technology, life science, manufacturing, food, wine and craft brewing, automotive, nonprofits, real estate and construction. The Firm’s International Tax Practice is one of the largest on the West Coast and its well-recognized SEC practice serves approximately 35 public reporting companies, mostly in the technology industry.

About the role:

The IT Security Analyst performs two core functions for BPM. The first is the day-to-day operations of the in-place security solutions, while the second is identifying, investigating, and resolving security incidents detected by those systems. Secondary tasks may include implementing new security solutions, creating and maintaining policies, standards, baselines, guidelines, and procedures, conducting vulnerability audits and assessments, and assisting with E-Discovery. The IT Security Analyst is expected to be fully aware of the enterprise’s security goals established by its stated policies, procedures, and guidelines and to uphold those goals.

Responsibilities:

• Strategy & Planning




• Participate in the planning and design of enterprise security architecture under the direction of the IT Security Manager, where appropriate.
• Participate in creating and maintaining enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.




• Acquisition & Deployment




• Maintain up-to-date detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
• Recommend additional security solutions or enhancements to existing solutions to improve overall enterprise security.
• Deploy, integrate, and initial configure all new security solutions and enhancements to existing security solutions, following standard best operating procedures generically and the enterprise’s security documents specifically.




• Operational Management




• Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether under direct control (i.e., security tools) or not (e.g., workstations, servers, network devices).
• Maintain operational configurations of all in-place security solutions per the established baselines.
• Monitor all in-place security solutions for efficient and appropriate operations.
• Review logs and reports of all in-place devices, whether they are under direct control (i.e., security tools) or not (e.g., workstations, servers, network devices). Interpret the implications of that activity and devise plans for appropriate resolution.
• Participate in investigations into problematic activity.
• Participate in E-Discovery projects.
• Participate in the design and execution of vulnerability assessments, penetration tests, and security audits.
• Provide on-call support for end users for all in-place security solutions.

Position Requirements:

• College diploma or university degree in Computer Science and/or two years equivalent work experience.




• One or more of the following certifications:




• GIAC Information Security Fundamentals
• Microsoft Certified Systems Administrator: Security
• GIAC Certified Intrusion Analyst Certification (GCIA)
• Associate of (ISC)2
• Palo Alto Network Certified Network Security Engineer
• CompTIA Security+

Knowledge & Experience:

• Extensive experience working in a SOC environment or handling incidents and breaches.
• Experience with Palo Alto firewalls, intrusion detection systems, intrusion prevention systems, anti-virus software, data encryption, and other industry-standard techniques and practices.
• Working technical knowledge of network, PC, and platform operating systems
• Strong understanding of networking, including network traffic analysis.
• Familiarity with switches, routers, and Firewalls.
• Experience with current systems software, protocols, and standards.
• Experience in E-Discovery, including content searches and relevant procedures and practices.
• Strong understanding of applicable practices and laws relating to data privacy and protection.

Personal Attributes:

• Proven analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Good written, oral, and interpersonal communication skills.
• Ability to conduct research into IT security issues and products as required.
• Ability to present ideas in business-friendly and user-friendly language.
• Highly self-motivated and directed.
• Keen attention to detail.
• Team-oriented and skilled in working within a collaborative environment.