Eastman Kodak Company has an exciting opening available now for an IT Security Analyst. Ideally, this individual will work out of our Corporate Headquarters in Rochester, NY, but we are open to this person working out of Atlanta, GA as well.
The Security Analyst will work as a member of the security team reporting to the CISO/Director of Enterprise Architecture. This person will support the Enterprise by reviewing projects, supporting operations, and promoting secure IT practices.
- Performs security reviews for projects, contracts, third parties, and operations to assess planned or current compliance to external standards such as SOX and PCI, and to Kodak’s internal control standards.
- Help acquire and/develop education materials for IT security training and awareness. Work with communications and training organizations as needed.
- Perform investigations for security incidents, ranging from local issues up Enterprise issues. Support corporate security investigations and perform forensic data preservation when needed.
- Work with operations teams to utilize IT Security tools such as endpoint security, Intrusion detection/prevention, Security SIEM consoles, Data Leak Prevention.
- Work with application developers to promote secure coding techniques, and to incorporate security into application architecture.
- Keep current with IT Security industry knowledge, and bring innovation and adaptability to Kodak’s security practices.
- Research security standards, security systems and authentication protocols
- Actively engage in continuous improvement, recommend alternative processes, solutions, tools that may improve operational efficiencies.
- Actively adapt Industry and Kodak IT security practices to new situations or technologies
- Provide accurate and detailed written reports to support projects and technologies
- Provide presentations on relevant topics to all levels of the organization
- Bachelor’s degree in Information Technology / Systems or equivalent work experience
- 4-5 years’ experience in IT with a focus on IT Security
- Knowledge of industry IT security and risk frameworks and standards (NIST 800, COBIT)
- Knowledge of authentication, authorization and encryption
- Knowledge of the CVE vulnerabilities library, vulnerability and risk assessment
- Knowledge of tiered application architectures, web applications, mobile applications, and desktop applications
- Knowledge of secure application development, coding, and DevOPS with some programming experience
- Knowledge of techniques for securing cloud environments and applications
- Knowledge of IT operations Unix (Linux) and Windows systems administration,
- Understand Windows Active Directory, LDAP
- Knowledge of public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures
- Knowledge about Network protocols
- Understanding the Risks of mobile device use in the Enterprise (Mobile device management, securing mobile devices, Bring Your Own Device
- Understanding of how to evaluate and secure Software As A Service solutions, hosted solutions, outsource providers, and other external IT solution arrangements
- Certifications in IT and security (i.e. CISSP, CISA, CCSP, SANS) desirable
- Excellent work ethic, self-starter, strong interpersonal skills
- Willing to respond to security -related incidents (off hours) and provide a thorough post-event analysis
- Expertise in setting and managing user expectations
- Proactive, high energy, and strong work ethic
- Strong communications skills
- Ability and comfort to speak and write with people at all levels of the organization
- Experience working in a matrixed organization
- Ability to achieve consensus across multiple teams
Minimum Education Level
Bachelors Degree or Equivalent Work Experience