Senior Information Security Analyst

The Senior Information Security Analyst (ISA) will be a contributing member of the Information Security Office (ISO), in the design, support, and execution of information security solutions and services using a risk based approach.

The ISA will work directly with all QTS business units in support of maintaining and identifying opportunities to improve the information security posture of both QTS and its customers.

The ISA will be an active participant in the daily execution of information security related compliance controls including monitoring, scanning, analysis, reporting, validation, and evidence archival.

Where appropriate, the ISA will serve QTS and its customers in a consultative role as a corporate information security subject matter expert (SME).

Prospective candidates will have solid and proven experience in information security and compliant controlled environments.

Strong time management, organizational, and multi-tasking skills are crucial to ensuring success in this position.

RESPONSIBILITIES, other duties may be assigned.

• Provide technical, business, and information security analysis support in the design, development, and implementation of vulnerability management processes.
• Own and manage roles, groups and permissions within assigned information security tools.
• Organize and prepare various vulnerability scan result outputs and reports.
• Provide statistical reports to management on vulnerability remediation progress.
• Serve as primary contact for technical vendor management for assigned tools.
• Lead the execution, organization, verification, reporting, and evidence archival of User Access Certification campaigns.
• Coordinate multiple vendor and authoritative resource vulnerability notifications to aggregate a weekly internal notification to all QTS technical lines of business.
• Review and analyze daily audit reports for indications of possible information security incidents and indicators of compromise.
• Contribute to the management and scheduling of information security and compliance related vulnerability scans.
• Participate in the vulnerability management process through the review, analysis, validation, reporting, and evidence archival of remediation efforts.
• Provide advice on information security issues related to the systems and workflows at QTS to ensure internal security controls for the organization are appropriate and operating as intended to meet compliance requirements.
• Participate in information security incident response activation as necessary.
• Contribute to the performance of regular corporate risk assessments and business impact analyses.
• Provide information security advice and guidance to Corporate Lines of Business (LOBs).
• Assist management with the development and publishing of Information Security policies, procedures, standards and specifications.
• Participate in Corporate and Client facing audit engagements, as requested, to ensure QTS adherence to applicable standards and compliance initiatives (e.

g. NIST, FedRAMP, PCI DSS, SOC I & SOCII, and others)

• Collaborate with QTS business units and law enforcement agencies to manage security vulnerabilities.
• Participate in the design, review, and support of information security solutions to reduce the Corporation’s risk profile (e.

g. Network / Host IDS, Vulnerability Scanning and Management, & Incident Response)

Conduct security research towards keeping abreast of the latest information security issues; researching and reporting on security trends and emerging industry solutions.

BASIC QUALIFICATIONS

• BS degree in Information Security, Management Information Systems or equivalent professional experience.
• Five or more years of experience in Information Security services, IT audit, and / or Risk Management.
• Completion of at least one (1) security related certification (e.g. CISA, CIA, CFE, CISM,CISSP, SSCP, CEH, CIPP, GIAC or CBCP)
• Two or more years of hands-on operational experience with a GRC platform, preferably Keylight GRC.
• Two or more years of experience delivering on compliant controls related to PCI DSS, FedRAMP, or SOCII.
• Ability to travel up to 25%

PREFERRED QUALIFICATIONS

• A thorough understanding of network and system based attack vectors.
• Solid understanding of information security related concerns in the deployment of firewalls, switches, routers, DNS, IDS / IPS, cloud infrastructure, and log management.
• Working knowledge of various compliance regulations and IT / security frameworks / standards (e.g. PCI DSS, HIPAA, FedRAMP, FFIEC, FINRA, ISO20000, ISO27000, ITILv3, NIST, SAS70).
• Knowledge of the Managed Services Provider industry

KNOWLEDGE, SKILLS AND ABILITIES

• Highly motivated, team oriented individual with excellent oral and written communication skills.
• Strong interpersonal skills to build / maintain ongoing business relationships with employees, vendors, and clients at all levels of an organization.
• A capacity to thrive in a dynamic environment where daily priorities can change frequently.

TOTAL REWARDS

• This role is also eligible for a competitive benefits package that includes : medical, dental, vision, life, and disability insurance;
• 401(k) retirement plan; flexible spending and HSA accounts; paid holidays; paid time off; paid volunteer days; employee assistance program;

tuition assistance; parental leave; military leave assistance; QTS scholarship for dependents; wellness program, and other company benefits.

This position is Bonus eligible.

We conform to all the laws, statutes, and regulations concerning equal employment opportunities and affirmative action. We strongly encourage women, minorities, individuals with disabilities and veterans to apply to all of our job openings.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, or national origin, age, disability status, Genetic Information & Testing, Family & Medical Leave, protected veteran status, or any other characteristic protected by law.

We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer or the government, or against any individuals who assist or participate in the investigation of any complaint or discrimination claim.

The "Know Your Rights" Poster is included here :

The pay transparency policy is available here :

QTS is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to and let us know the nature of your request and your contact information.