Associate Security Analyst

Our Company:

At impact.com we are passionate about our people, our technology, and are obsessed with customer success. Working together enables us to grow rapidly, win, and serve the largest brands in the world. We use cutting edge technology to solve real-world problems for our clients and continue to pull ahead of the pack as the leading SaaS platform for businesses to automate their partnerships and grow their revenue like never before. We have an entrepreneurial spirit and a culture where ambition and curiosity is rewarded. If you are looking to join a team where your opinion is valued, your contributions are noticed, and enjoy working with fun and talented people from all over the world, then this is the place for you!

impact.com, the world’s leading partnership management platform, is transforming the way businesses manage and optimize all types of partnerships—including traditional rewards affiliates, influencers, commerce content publishers, B2B, and more. The company’s powerful, purpose-built platform makes it easy for businesses to create, manage, and scale an ecosystem of partnerships with the brands and communities that customers trust to make purchases, get information, and entertain themselves at home, at work, or on the go. To learn more about how impact.com’s technology platform and partnerships marketplace is driving revenue growth for global enterprise brands such as Walmart, Uber, Shopify, Lenovo, L’Oreal and Fanatics, visit www.impact.com.

Your Role at Impact:

The Security Analyst is responsible for ensuring that Impact’s security measures meet the highest security standards. The Security Analyst actively works with 3rd party vendors, the Infrastructure Squads and the Global Service Desk to provide IT Security support to the organisation. This role is key in delivering Impact’s IT Security threat analysis and incident response.

What You'll Do:

• Good understanding and exposure to Information Security standards, architecture and Models.
• Experience in creating new ways to solve existing production security issues and recommending security enhancements.
• Participate in Cyber Security Incident Response Team (CSIRT) in the identification, containment, eradication, and resolution of security issues.
• Maintain detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the identification and resolution of vulnerabilities and threat vectors.
• Provide recommendations for additional security solutions or enhancements to existing controls, to improve overall enterprise security and “defense in depth” strategy
• Participate in the deployment, integration and initial configuration of all new security solutions as well as enhancements to existing security solutions in accordance with standards and best practices.
• Maintain operational configurations of all IT security solutions as per any established baselines.
• Monitor all security solutions for efficient and appropriate operations.
• Generating trouble tickets and performing initial validation and triage to determine whether incidents are security events using open source intelligence (OSINT).
• Review logs and reports of all devices, whether they are under direct control (i.e., security tools) or indirect control (i.e., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution.
• Hunt for advanced threats, pivoting on and analysing data to identify malicious behaviours. Perform real-time incident handling, independently following and creating procedures to analyze and contain malicious activity. Collect evidence to include digital media, logs, and malware to perform analysis associated with cyber intrusions.
• Maintain an understanding of attack methodologies and use information operationally. Make recommendations and create or modify processes and procedures based on knowledge of advanced threat behaviors.
• Develops and enhances content and methods for monitoring and incident response, leveraging data extraction techniques for further analysis. Develops and enhances processes, work flows, and documentation. Determine high fidelity behavioural patterns and create content in multiple tools.

What You Have:

• 2 - 5 years' experience in IT related roles; Security and Technical Services experience required
• One or more certifications in: CISSP, SSCP, CEH or similar industry standard certifications 
• Proficiency in Google Cloud Platform and/or Amazon Web Services (SaaS, PaaS, IaaS), Mobile Architecture, Network and Application Security and Data Protection
• Experience across a variety of cloud security products including firewalls, SIEM (Elastic, Splunk), lAM, PAM, DLP, DAM, SOAR and encryption solutions
• Experience with common information technologies (Linux, Windows).
• Knowledge of Cloud Security Operations, Secure Access Service Edge (Cloud Proxy, Zero Trust Access, DLP)
• Experience with Vulnerability and Malware Analysis (threat and attack analysis).
• Proficiency in WAF, Proxy, DNS, IDS, firewalls, anti-virus, data loss prevention, etc. 
• Ability to work in independent environments under aggressive timelines
• Ability to develop and maintain working relationships in a global environment.
• Excellent analytical and problem solving skills 
• Outstanding written skills for preparing reports and briefings.
• Escalating potential risk and internal control weaknesses to management.

Nice to have:

 Affiliate & Partnerships Industry Fundamentals Certification by PXA

Benefits/Perks:

• Casual work environment, including working from home
• Flexible work hours
• Unlimited PTO policy
• Take the time off that you need. We are truly committed to a positive work-life balance, recognising that it is important to be happy and fulfilled in both
•  Paternity/maternity leave
• Training & Development
• Learning the advanced partnership automation products
• Medical Aid and Provident Fund 
• Group schemes with Discovery & Bonitas for medical aid
• Group scheme with Momentum for provident fund
• Restricted Stock Units
• 3-year vesting schedule pending Board approval
• Internet Allowance
• Fitness club fee reimbursements

 

Impact is proud to be an equal opportunity workplace. All employees and applicants for employment shall be given fair treatment and equal employment opportunity regardless of their race, ethnicity or ancestry, color or caste, religion or belief, age, sex (including gender identity, gender reassignment, sexual orientation, pregnancy/maternity), national origin, weight, neurodivergence, disability, marital and civil partnership status, caregiving status, veteran status, genetic information, political affiliation, or other prohibited non-merit factors.

#LI-CT1