Picture yourself building a successful career at NetSuite—working alongside other talented, driven individuals to help fast-growing mid-size organizations and larger enterprises achieve their business goals with the world's #1 cloud-based business management suite for ERP/financials, CRM, ecommerce and more.
Founded in 1998 by Oracle CEO Larry Ellison and NetSuite CTO and Chairman Evan Goldberg, NetSuite (NYSE: N) is used by more than 16,000 high-growth and midsized companies and divisions of large enterprises to run mission-critical operations without the high costs and inefficiency of on-premise systems. Named by Gartner as the world's fastest-growing financial management vendor on a global basis and winner of 2 prestigious 2013 CODiE award for Best Financial Management Solution and Best Cloud Infrastructure, NetSuite is where business is going.
If you'd like to join our dynamic, driven and fun team, click on the Apply Now button below.
This is a full time position to work directly with internal staff and Information Security to establish and enforce information security best practices, protect internal systems, improve processes and information security controls by assisting with the following types of work.
- Security Infrastructure—Design, develop, support components of the security infrastructure
- Security Awareness—Create security awareness training, communications, and resources
- Security Consultation—Resolve internal and external customer questions related to security issues, vendors, solutions, or applications
- Security Assessment—Review a specific vendor or solution and define security requirements to gain security approval to use at NetSuite
- Security Testing—Perform penetration tests, PCI tests, threat analysis, and environment analysis
- Security Compliance—Assist with compliance activities for SOX, PCI, ISO or other audits; Includes such activities as Quarterly ACL review, Quarterly Privileged Access review
- Security Policies—Create or update security policies, procedures, standards, and guidelines
- Incident Response—Provide tier 2 analytical support to the monitoring team, and respond to security incidents, draft incident reports, and note lessons learned
- On-Call—Up to one Saturday a month, the analyst will need to login to email at least 3 times during the day to determine if there are any alerts or issues requiring immediate attention or escalation and respond appropriately
This position requires a person with excellent critical thinking and analytical skills as well as strong written and verbal communication, the ability to multi-task, along with strong project management skills that will facilitate meeting to deadlines on a self–driven basis, and the ability to see security from both the technical and business risk perspectives.
This position requires a minimum of 3 years in Information Security and a minimum of 5 years working within Information Technology. The qualified candidate will have a Bachelor's Degree in Computer Engineering, Computer Science, Electrical Engineering, MIS, or equivalent experience. Recognized industry certification and/or continuing education programs are a major plus.
The following skills are especially useful:
- Strong analytical and problem solving skills, with an ability to assimilate, analyze and correlate large amounts of forensic data from various network, operating system, application, and security devices, logs, and alerts
- Thorough understanding and significant hands-on experience in networking concepts and services such as VPNs, firewalls, NetFlow, 802.1x, etc.
- Experience auditing backend infrastructure including switches, routers, firewalls, proxy servers, and enterprise systems and storage solutions
- Working knowledge of and experience with intrusion detection and prevention (network and host-based) tools, security event and information management (SEIM) tools, and network and system forensics tools
- Practical experience in deployment and management of applied IT security technologies and tools such as two-factor authentication, data loss prevention (DLP) technologies, network access control, centralized endpoint protection, and content filtering
- Working knowledge of current penetration testing and vulnerability assessment tools and techniques for hosts, applications, web applications, and network devices
- Working knowledge of secure coding practices
- Familiarity with code security testing tools and methodologies
Travel: Limited travel related to security activities such as team meetings, penetration testing, investigations, or training