Full Job Description
Yext (NYSE: YEXT) is building the next big thing in AI search, and the next big thing is answers.
With the explosion of information and data online, search has never been more important. However, while the world of consumer search has innovated over time, enterprise search has not. In fact, the majority of enterprise search is powered by outdated keyword technology that only scans for keywords and delivers a list of hyperlinks rather than actually answering questions. Yext, the AI Search Company, offers a modern, AI-powered Answers Platform that understands natural language so that when people ask questions about a business online they get direct answers – not links.
We have a big, audacious mission to transform the enterprise with AI search. To achieve that, we need bright minds and diverse perspectives to join our growing company and help us continue to disrupt an industry. Does this sound like you?
Yext is actively seeking a Sr. Analyst, Information Security reporting into the Director of Information Security, Risk and Compliance. This role is critical to mapping our Information security strategy with Security disciplines and compliance requirements. This role will focus on the company's Vendor management process, participate in security incident management, monitor intrusion detection, and prevention system logs within SIEM, perform information systems auditing, manage and monitor desktop security incidents.
The Ideal candidates will have a deep understanding of security fundamentals, technology, applications, managed services, industry best practices, business processes and architectural frameworks and patterns to drive security maturity and privacy initiatives that meet Yext's security objectives. They will be a security generalist with impeccable judgment and discretion, excellent troubleshooting skills, deep understanding of network and information security issues, and solid experience in many of the following areas:
What You'll Do
⦁ Executing implementation, design, and execution of third party risk related projects at a professional services firm or enterprise;
⦁ Understanding technical and operational standard industry practices involving third party risk management regulations/standards to build programs, risk assessments and business processes;
⦁ Maintain vendor tracking list and/or database containing important contract dates and milestones and input/track in Company's risk management system, as applicable.
⦁ Understanding common Third-party risk-related issues currently faced in one or more industry sectors; and, conducting quantitative and qualitative analyses of large and complex data.
⦁ Support company's efforts to adopt security practices consistent with various frameworks, most commonly the NIST Cybersecurity Framework
⦁ Perform security monitoring and incident response of cybersecurity events for proper determination of being considered a cybersecurity event.
⦁ Research and develop security testing techniques, and processes to support security assessments
⦁ Ability to conduct packet level analysis on the session and surrounding traffic of an IDS alert
⦁ Capability to perform basic IDS (Snort, Suricata, Bro/Zeek, etc.) rule creation and tuning based on indicators in network traffic
⦁ Research security enhancements and make recommendations to management
⦁ Work collaboratively with other company members and internal senior management
⦁ Basic technical writing skills for incident report writing, customer interaction, and process documentation
What You Have
⦁ Bachelor's Degree in Information Technology or related field of study.
⦁ 5+ years of relevant work experience in infrastructure or Security Engineering including management of technical teams.
⦁ Good understanding of modern security frameworks and offensive security toolkits.
⦁ Self-motivated team player that is energetic, with excellent interpersonal, organizational, and conflict-resolution skills
⦁ Strong problem-solving, critical thinking, and analytical skills.
⦁ A high degree of flexibility, independence, initiative, and detail orientation.
⦁ Ability to present complex ideas in easy-to-understand language.
⦁ Desire and ability to learn on a continual basis and quickly apply that learning to client activities; strong desire to take ownership of initiatives
⦁ Strong written and verbal communication skills
⦁ Industry certification(s) strongly preferred (A+, Security+, Network +, SSCP, etc.)
⦁ Understanding of basic risk assessment approaches/methodologies
Yext is committed to building an inclusive and diverse culture where every person is seen, heard and valued. We believe in equal employment opportunity and welcome employees and applicants of all races, colors, ethnicities, religions, creeds, national origins, ancestries, genetics, sexes, pregnancy or childbirth, sexual orientations, genders (including gender identity or nonbinary or nonconformity and/or status as a trans individual), ages, physical or mental disabilities, citizenships, marital, parental and/or familial status, past, current or prospective service in the uniformed services, or any characteristic protected under applicable law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you require a reasonable accommodation in completing this application, interviewing, or participating in the employee selection process, please complete this form.