Analyst, Information Security
Deluxe Entertainment Services Group Inc. is a global leader in media and entertainment services for film, video and online content, from capture to consumption. Since 1915, Deluxe has been the trusted partner for the world’s most successful Hollywood studios, independent film companies, TV networks, exhibitors, advertisers and others, offering best-in-class solutions in production, post-production, distribution, asset and workflow management, and new digital solution-based technologies.
With operations in Los Angeles, New York and around the globe, the company employs over 8,600 of the most talented, highly honored and recognized artists and industry veterans worldwide. Deluxe is a wholly owned subsidiary of MacAndrews & Forbes Holdings Inc. For more information, please visit www.bydeluxe.com
We currently have an opening for an Analyst, Information Security. This position will be located in Burbank, CA.
Provide information security services to Deluxe business units worldwide with special emphasis on:
• Systems and Network Security
• Incident Response
• Vulnerability Assessment and Penetration Testing
• Malware Analysis, Software Reverse Engineering
• Computer Forensics
• Reporting and Metrics
• Perform application and web based security vulnerability assessments and penetration tests in accordance with industry accepted methods, protocols, and tools.
• Prepare operational test environments for network penetration and network attack scenarios.
• Develop detailed work plans, schedules, resource plans for recurring vulnerability and penetration tests.
• Prepare post-test analysis and reporting of penetration and vulnerability testing activities.
• Manage the day to day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, research and document global threats to EIT teams, and communicate residual risk.
• Perform static and dynamic analysis, reverse engineering, and debugging of malware samples using industry recognized tools including defeating anti debugging, packing, and obfuscation techniques
• Forensically secure, preserve, capture, and analyze data from volatile memory and physical disks from laptops, desktop computers, servers, and mobile devices.
• Perform in-depth forensic analysis of captured data, network traffic, volatile memory, and host images to identify indicators of compromise and develop actionable threat intelligence.
• Monitor and analyze enterprise network and host based sensor data originating from IDS/IPS, AD Domain Controllers, Endpoint Security Solution, SIEM, and Firewalls.
• Perform additional Information Security related duties as assigned.
• B.A. or B.S. in Computer Science preferred.
• 1 year of experience in Information Security related role.
• Offensive Security Certified Professional (OSCP), EnCase Certified Examiner (EnCE) preferred.
• Certified Expert Penetration Tester (CEPT), GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Reverse Engineering Examiner (CREA)
• Network Security subject matter expert with experience and knowledge of application, web and network penetration testing and associated methodology, including vulnerability assessment, attack vectors, and industry recognized open source and commercially available tools.
• Strong knowledge and experience of Windows Operating System Internals (Kernel, Registry, File systems (NTFS, FAT), Windows APIs)
• In-depth knowledge of Linux, Unix operating systems. Kali Linux experience a plus.
• In-depth knowledge of networking and communication protocols and devices (routers, switches, firewalls)
• Strong proficiency in x86 Assembly, Python, Powershell, Bash, EnScript, C#
o C++, C preferred
• Strong proficiency in EnCase Forensic software
• Strong proficiency in Development IDE’s, Visual Studio, Codeblocks, Eclipse, PyCharm
• Strong proficiency in Debugging platforms, IDA Pro, OllyDbg, x64dbg, gdb
• Strong proficiency in Vulnerability scanning tools, Burp Suite, Nexpose, Nessus
• Proficiency in virtualization technologies, such as VMWare and VirtualBox
• Excellent written and verbal communication, organized thought processes, polite and respectful of others, adapts presentations to the audience, aware of confidential nature of information.
• Thoroughly thinks out and evaluates alternatives, innovative problem resolution, pro-active approach, initiative to resolve problems.
• Produce high quality oral and written work product presenting complex technical matters clearly and concisely.
• Excellent problem solving skills.
• Works with little direction and supervision, timely completion of projects, makes time for unplanned assignments, adapts to changing priorities.
• Perceived fairness; tolerance; honesty; confidentiality; consistent in application of policies and procedures.
We offer competitive pay and benefits program including medical, dental & vision coverage, vacation & sick leave, 401(k), and more.
Deluxe’s policy is to provide equal employment opportunities to all applicants and employees. Applicants will receive consideration for employment without regard to, and will not be discriminated against, on the basis of race, color, religion, creed, national origin or ancestry, sex, age, physical or mental disability, veteran status, sexual orientation, gender identity or expression, genetic information or any other legally recognized protected basis under federal, state or local laws, regulations or ordinances. Deluxe will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable local, state and federal law.
Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Deluxe. Please inform the company's personnel representative if you need assistance completing any forms or to otherwise participate in the application process.