Security Analyst
About Us
At Fashion Nova, we are dedicated to bringing the customer the latest trends to make them look and feel their best without the high price point. We deliver the hottest styles at lightning-fast speed, ensuring that all are included with FashionNovaCURVE and NovaMEN. Wherever our customer is, we are committed to bringing them the trends they love at the prices they love.
About the Role
As a member of the Information Security team, the Information Security Analyst will report to and work closely with the Sr. Manager, Information Security to manage technical safeguards designed to protect the confidentiality, integrity, and availability of sensitive information and to assess, manage, and remediate security breaches, system vulnerabilities while ensuring compliance with company policies.
The goal of this role is to research, build, analyze, and document repeatable processes and tools that will prevent unauthorized access to sensitive information and proactively monitor various cloud solutions for cyber security incidents.
Additionally, the Information Security Analyst will collaborate with departmental IT staff to apply modern security tools, standards, and methods to networks, operating systems and custom or packaged applications; administers information security systems and tools, conducts technical analysis of problems related to applications and infrastructure; conducts research and evaluation of emerging technologies, tools and methods; recommends solutions to leadership. Provides after-hours support as requested or assigned.
Responsibilities
- Help develop technical solutions and new security tools to mitigate security vulnerabilities and automate repeatable tasks.
- Administer and manage ongoing operations of implemented security tools, vulnerability assessments and remediation of those vulnerabilities.
- Analyze and continuously review output for infrastructure security systems, such as EDR, security events logs, etc.
- Contributes to tool optimization and automation initiatives to streamline analysis and response workflows.
- Identify, triage, and remediate threats based on threat intelligence as well as active analysis of log data.
- Investigate and communicate with peers on the risk posed by these threats.
- Evaluate system, application, and user data for adherence to organizational policies and procedures.
- Assess newly published vulnerabilities and attacker Tactics, Techniques and Procedures (TTPs) to identify possible defensive measures to locate and stop threat actors.
- Participate in identifying risks in new system acquisition and defining mitigating requirements
- Perform targeted information security risk assessments as part of any significant change or project
- Support compliance and documentation tasks, processes, procedures and events as needed. Collaborate in writing comprehensive reports, including assessment-based findings, outcomes, and propositions for further system security enhancements.
- Help configure and troubleshoot security controls (e.g., AWS SGs, FIM, SIEM, etc.)
- Audit data access activities and document relevant findings
Required Skills
- 3+ years in an Information Technology Security role
- 3+ years demonstrated detailed analysis Information Security role
- Experience with installing security software and documenting security issues.
- In‐depth knowledge of security concepts such as cyber‐attacks and techniques, threat vectors, incident management, etc.
- Familiarity with AWS security and products and web-related technologies (strongly desirable.)
- Experience with Linux, Mac, and Windows OS
- Apply critical thinking to all activities and actions, in pursuit of Fashion Nova and Information Security goals.
- Proficient in Incident Management, Response and preparation of reports, dashboards, and documentation
- Understanding of security tools and concepts (VM, IAM, SIEM, EDR, etc.)
- Skilled in vulnerability management and tools such as Qualys.
- Ability to work independently with minimal direction and supervision in a fast‐paced environment
- Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; ability to use standard English grammar and punctuation.
- Ability and willingness to provide after-hours support as assigned or requested.
Preferred Skills
- Experience working with the Cyber Kill Chain Model, MITRE ATT&CK Matrix, and NIST cybersecurity framework.
- Knowledge of CCPA, GDPR, and HIPAA regulations
Benefits
- Employee Discount
- Medical, Dental and Vision Coverage
- 401k Match
- Kitchen stocked with snacks and drinks
- Weekly catered food, fun events, raffles and free FN swag
- Summer Fridays at HQ
- Company Sponsored Parties
- Team bonding events and programs to strengthen relationships with co-workers
Fashion Nova, Inc. is an equal opportunity employer committed to a diverse workplace environment.
#LI-JM1