Security Analyst

NCL Corporation  Miami, FL
Act as the lead technical subject matter expert on all security matters within the company. Architect, design, deploy, administer and maintain information security systems/architecture utilizing a thorough understanding of available technology, tools, and techniques. Evaluate, implement, and maintain security standards and practices with direction from Information Security Management. 

Establish Information Security Standards, Technologies, Patterns, Reference Architectures and Best Practices. 
Provide leadership and security expertise to project design, development, testing and deployment teams to ensure that all applications meet security requirements and are coded in a secure manner. 
Ensure that all systems, applications, endpoints, and networks have appropriate and adequate security controls in place, and create structures to ensure the ongoing maintenance and effectiveness of these controls. 
Gain widespread support and compliance with information security requirements & standards. Regularly monitor compliance through log reviews; respond to intrusion alerts, etc. 
Serve as technical subject matter expert on the Incident Response Team in responding to various security incidents such as denial of service attacks, virus/worm infestations, security breaches and questionable internal activities. 
Working with IT Leadership and the Security Architecture team, research, recommend, and evaluate commercial information security products and services to determine which of these should be adopted by or tested by the company. 

Provide special technical guidance and recommendations to co-workers about the risks and control measures associated with new and emerging information system technologies as needed. 
Participate as the technical subject matter expert in periodic information systems risk assessments and code reviews, including those of new or significantly enhanced business applications and their underlying supporting infrastructures. 
Assist in the preparation and periodic update of information security policies, architectures, standards, reports and other technical requirements documents needed to enhance security. 
Assist in leadership in the development of detailed proposals and plans for new information security systems that would reduce operational risk, augment the capabilities or enable new capabilities for the company. 

Assist with the research, evaluation, selection, installation, configuration and adoption of automated tools that enforce or monitor the compliance with information security policies, procedures, standards, and similar information security requirements. 
Identify and determine causes of security violations and verify/assist in the corrective actions to assure data and application security. 
Interact with internal and external auditors as needed to ensure regulatory and policy compliance. 
Perform other job related functions as assigned. 

EDUCATION : Bachelor’s Degree in Computer Science or related field of study; or any equivalent combination of relevant work experience and training 

EXPERIENCE : 3-5 years experience in an enterprise security architecture role. 3 years of experience with commercial and open source security applications and technologies (e.g. malware prevention, DLP, IDS/IDP, cryptography, vulnerability scanning and penetration testing), as well as related protocols and tools (e.g. SSH, SSL/TLS, snort, port scanners, rootkit detectors, etc.). 2 years of experience performing network and application security penetration testing and/or threat assessments. 

KNOWLEDGE & SKILLS : Experience implementing and operating technologies such as Websense, Tipping Point, Blue Coat, Cisco IOS, IDS/IPS, anti-virus software, advanced anti-malware prevention, and MS Windows Server, Unix/Linux systems, Windows desktop systems and Mac O/S. Knowledge of mobile (phone and tablet) device security and application security is also required. Extensive knowledge and hands-on experience with secure web application architecture, design, and coding techniques. Demonstrated understanding of security business controls, strategies, and methodologies as well as knowledge and experience with at least some of the following technologies; firewalls; intrusion detection; directory services; web access controls; advanced authentication methods; public key infrastructure (PKI); VPN; TCP/IP; anti-virus, single sign on; and audit; diagnostics, and forensic tools. 

Strong background in data protection via PKI and various other encryption methods. Experienced in creating secure & compliant services and applications supporting a range of regulations, including but not limited to, PCI-DSS and PABP, SOX, FACTA & FACTA red flags provisions, US state data privacy, and GLBA. Must have extensive experience with the current regulatory environment including as Sarbanes-Oxley, PCI-DSS, GLBA, etc. Experience conducting code reviews in Perl, Python, Ruby, Java, Java Swing, HTML, XML, CSS, ASP, ASP.NET, Cold Fusion, Oracle, T-SQL, SQL and/or other languages. 

Hands-on experience using enterprise web scanning tools (Nexpose & AppScan experience preferred). Knowledge of threat modeling or other risk identification techniques. Must be able to work at a high technical level of all phases of architectural design and implementation by processing a broad understanding of networks, computers, communication systems, threats and vulnerabilities and their interrelationships. Must be able to prepare and present detailed technical documents and presentations as needed. 


Norwegian Cruise Line Holdings Ltd. and its subsidiaries are equal opportunity employers, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristics protected by law. EEO is the law | EEO is the law GINA Supplement 

Applicants have rights under Federal Employment Laws. FMLA | EPPA | Job Safety and Health: It’s the Law


Leave a Reply