IAT Insurance Group (“IAT”) is a privately held global insurance company, headquartered in Raleigh, North Carolina, providing a wide range of property and casualty insurance products meeting the needs of individuals and businesses. IAT consists of four operating divisions, each sharing the same quality standards, commitment to service and innovation, and an overall mission of excellence. As an organization, we leverage our experienced leadership, sound analytics, proven operating platforms and extensive risk capabilities across the entire enterprise to deliver specialized, sustainable solutions for our customers.
With thirteen office locations, IAT has a large footprint throughout the United States. As a privately owned organization, consisting of more than six hundred employees, we are able to act strategically within an ever-changing marketplace. We are large enough to make a difference in the industry but small enough to be agile and nimble. Our focus includes meeting customer needs and fostering an exceptional agent and broker network to serve clients.
Furthermore, we strive to provide an environment where our employees feel empowered, challenged and valued. Not only does IAT provide a dynamic workplace, we also provide competitive total compensation packages and great benefits, including but not limited to medical, dental, and vision insurance, a generous time off policy, company provided life and disability insurance, a lucrative 401k company match, and incentive plans.
IAT has an immediate opening for an Information Security Analyst at any of our IAT office locations. This role is a great opportunity for someone with strong security monitoring or strong security assessment experience with an equally strong desire gain significant and quality exposure to all aspects of operational and application security.
Responsibilities include but are not limited to:
- Continuous network security monitoring or security assessments including vulnerability assessment and penetration testing.
- Evaluate, select, administer and monitor network security infrastructure designed to prevent and detect security events.
- Perform periodic automated and manual security vulnerability assessments and penetration testing to identify patch, configuration and code related security vulnerabilities using commercial and open source tools.
- Collaborate with network and systems administrators and software developers to address security vulnerabilities using a risk-based approach offering clear and concise remediation advice including the design of effective compensating controls.
- Monitor network, endpoint, and application security events using a security information and event management solution and participate in incident detection and response activities including endpoint and network forensic analysis.
- Configure and monitor network security infrastructure to prevent and detect anomalous network, endpoint and end user activity, i.e. firewalls, intrusion detection/prevention systems, http(s) and dns proxies, identity and privileged access management solutions, etc.
- Evaluate suspicious email, links and attachments and take measures to mitigate their impact on availability and productivity.
- Assist with performing routine reviews to ensure compliance with security policy, legal or regulatory requirements, and industry accepted standards.
- Participate in or lead Information security projects or department initiatives as required.
- Travel – Less than 15 percent annually including training and corporate events.
- Performs other duties as assigned.
- Bachelor’s degree in computer science or related field or equivalent professional experience.
- 3+ years performing network security monitoring activities or 3+ years performing network and application security assessments including penetration testing.
- Equivalent professional experience is defined as a minimum of 7 plus years of related experience performing network security monitoring activities or performing network and application security assessments including penetration testing.
- Candidates with security assessment experience should have exposure to both network and web application security assessments.
- Candidates with network security monitoring experience should have SOC experience within industry or with a MSSP.
- Strong communication skills.
- Strong problem solving, analytical skills and organizational skills.
- Self-motivation and the ability to work under minimal supervision are a must.
- GCIA, GNFA, GMON, GPEN, GWAPT, OSCP, OSCE or a strong desire to train and achieve certification are preferred.
- Ability to automate tasks using scripting languages such as PowerShell, Python and/or Bash – proven automation skills is strongly preferred.
- Experience implementing one or more Center for Internet Security Critical Security Controls (CIS CSC) is strongly preferred.
- To qualify, all applicants must be authorized to work in the United States and must not require, now or in the future, VISA sponsorship for employment purposes.
We are proud to be an EEO/AA employer M/F/D/V. We maintain a drug-free workplace and perform pre-employment substance abuse testing. We participate in E-Verify.