Meredith Corporation (NYSE: MDP; meredith.com) has been committed to service journalism for 115 years. Today, Meredith uses multiple distribution platforms — including broadcast television, print, digital, mobile and video — to provide consumers with content they desire and to deliver the messages of its advertising and marketing partners.
Meredith's National Media Group reaches nearly 200 million unduplicated American consumers every month, including 85 percent of U.S. Millennial women. Meredith is a leader in creating content across media platforms and life stages in key consumer interest areas such as celebrity, food, lifestyle, home, parenting, beauty, fashion, news and sports. Meredith also features robust brand licensing activities including more than 3,000 SKUs of branded products at 5,000 Walmart stores across the U.S. and at walmart.com., as well as innovative business-to-business marketing solutions provided by Meredith Xcelerated Marketing.
Meredith's Local Media Group includes 17 television stations reaching more than 11 percent of U.S. households. Meredith's portfolio is concentrated in large, fast-growing markets, with seven stations in the nation's Top 25 and 13 in Top 50 markets. Meredith's stations produce 700 hours of local news and entertainment content each week, and operate leading local digital destinations.
Sr Information Security Ops Engineer
I. Job Summary | Major goals and objectives.
The Sr. Information Security Operations Engineer position helps protect Meredith brands and Meredith client brands against various security risks and attack methods. This individual is a member of the Meredith IT Security team and works cross-functionality to respond to threats that may arise against our technology and application resources.
II. Essential Job Functions
Accountabilities, Actions and Expected Measurable Results
Defend, monitor and respond to security indicators by correlating and analyzing a variety of application, network and host-based security logs across various computing environments (on-premise, cloud, SaaS, etc.) and determine the correct remediation actions and escalation paths for each incident.
Configure, implement, and optimize security protection and detection capabilities such as vulnerability scanning, configuration compliance scanning, firewall reviews, intrusion prevention/detection systems, internet protection and log management infrastructure.
Instrument systems and applications to detect and alert on attacks, and coordinate with security tools and automation to implement automation for detection, escalation and remediation. Perform risk analysis of vulnerabilities and threats, and evaluate efficiency of existing protection and detection mechanisms.
Work with our infrastructure and applications teams to reduce the attack surface and harden configurations, architectures and data storage structures. Design, develop and implement automated incident response methodologies.
Conduct incident response exercise and cyber defense drills to evaluate and improve processes related to threat detection, incident response, patching and remediation. Provide information regarding intrusion events, security incidents, and other threat indications and warning information to teams and leadership as part of incident response.
Author post mortem reports to be provided to senior leadership following an intrusion or red team engagement.
Perform threat hunting exercises using threat intelligence, analysis of anomalous log data and results of historical events and data to detect and respond to threats. Maintain awareness of new and emerging security threats.
Develop anomaly detection dashboards and reports to identify potential threats, suspicious activity and intrusions. Research industry trends, identify ongoing security threats, analyze new security testing tools, and provide recommendations on the need and usefulness of services and/or products. Gather threat intelligence and build, optimize, and develop systems for effective and efficient security response. Consult and provide risk management recommendations, cost analysis based on environment. Develop and design technical recommendations, and execute remediation and mitigation strategies.
Security and compliance operations:
Performs daily operations and execution of security-related tools, processes and controls related to security prevention and defense initiatives. Supports solutions such as network proxies, intrusion detection/prevention systems, remote access, multi-factor authentication, security ev
Help coordinate and drive remediation of identified risks and control deficiencies. Serves as technical and functional subject matter expert across multiple security domains, raising awareness and communicating security risks within the company. Supports and participates in incident response and technical investigations, as needed.
Provide prompt, courteous and professional customer service, and collaborate with business and technology staff to support Meredith Corporation objectives. Serves as technical and functional subject matter expert across multiple security domains, raising awareness and communicating security risks within the company.
Effectively communicate security concepts with both technical and non-technical individuals.
III. Minimum Qualifications and Job Requirements | All must be met to be considered.
Bachelor’s Degree in Information Assurance, Computer Science, Engineering or equivalent education and experience.
Beneficial: Industry certification such as CISSP, GCIA, GCIH, GPEN, GCFA, CEH, CISA, or CISM
Minimum 6 years in Information Security including 3 years’ experience as a member of a Security Operations Center (SOC) or investigating security incidents.
Specific Knowledge, Skills and Abilities:
Working knowledge of IT environments including IT secure architecture, security technologies, security industry trends and direction, system and technology integration, audits, internet security, computer crimes and IT standards, procedures and policies.
Experienced working within a fast-paced incident response team with knowledge of log correlation, forensics, security vulnerabilities and exploits.
Experienced deploying security solutions, architecting detection and response solution to mature capabilities.
Deep understanding of threats, threat actors, and indicator of compromise.
Experienced with maturing strategic and tactical aspects of the Threat Intelligence program.
Knowledge of the chain of custody process and properly securing evidence.
Understanding of OWASP top 10, SANS top 25, and other attack vectors.
Experience with various scripting and programming languages.
Basic knowledge of IT audit and control, governance, asset management, software licensing, product and vendor evaluation, and training delivery.
Working knowledge of IT systems management including change control, software process improvement, and technical writing/documentation.
Experience with regulatory requirements related to SOX, GDPR and PCI.
% Travel Required (Approximate): minimal
U.S. Equal Opportunity Employment Information (Completion is voluntary)
Individuals seeking employment at Meredith Corporation are considered without regards
to race, color, religion, national origin, age, sex, marital status, ancestry, physical
or mental disability, veteran status, gender identity, or sexual orientation. You are
being given the opportunity to provide the following information in order to help us
comply with federal and state Equal Employment Opportunity/Affirmative Action record
keeping, reporting, and other legal requirements.
Completion of the form is entirely voluntary. Whatever your decision,
it will not be considered in the hiring process or thereafter. Any information that you
do provide will be recorded and maintained in a confidential file.
If you believe you belong to any of the categories of protected veterans listed below,
please indicate by making the appropriate selection. As a government contractor
subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this
information in order to measure the effectiveness of the outreach and positive
recruitment efforts we undertake pursuant to VEVRAA. Classification of protected
categories is as follows:
A "disabled veteran" is one of the following: a veteran of the U.S. military, ground,
naval or air service who is entitled to compensation (or who but for the receipt of
military retired pay would be entitled to compensation) under laws administered by the
Secretary of Veterans Affairs; or a person who was discharged or released from active
duty because of a service-connected disability.
A "recently separated veteran" means any veteran during the three-year period beginning
on the date of such veteran's discharge or release from active duty in the U.S.
military, ground, naval, or air service.
An "active duty wartime or campaign badge veteran" means a veteran who served on active
duty in the U.S. military, ground, naval or air service during a war, or in a campaign
or expedition for which a campaign badge has been authorized under the laws
administered by the Department of Defense.
An "Armed forces service medal veteran" means a veteran who, while serving on active
duty in the U.S. military, ground, naval or air service, participated in a United
States military operation for which an Armed Forces service medal was awarded pursuant
to Executive Order 12985.
OMB Control Number 1250-0005
Voluntary Self-Identification of Disability
Why are you being asked to complete this form?
Because we do business with the government, we must reach out to, hire, and provide
equal opportunity to qualified people with disabilities1. To help us
measure how well we are doing, we are asking you to tell us if you have a disability or
if you ever had a disability. Completing this form is voluntary, but we hope that you
will choose to fill it out. If you are applying for a job, any answer you give will be
kept private and will not be used against you in any way.
If you already work for us, your answer will not be used against you in any way.
Because a person may become disabled at any time, we are required to ask all of our
employees to update their information every five years. You may voluntarily
self-identify as having a disability on this form without fear of any punishment
because you did not identify as having a disability earlier.
How do I know if I have a disability?
You are considered to have a disability if you have a physical or mental impairment or
medical condition that substantially limits a major life activity, or if you have a
history or record of such an impairment or medical condition.
Disabilities include, but are not limited to:
Multiple sclerosis (MS)
Missing limbs or partially missing limbs
Post-traumatic stress disorder (PTSD)
Obsessive compulsive disorder
Impairments requiring the use of a wheelchair
Intellectual disability (previously called mental retardation)
Reasonable Accommodation Notice
Federal law requires employers to provide reasonable accommodation to qualified
individuals with disabilities. Please tell us if you require a reasonable accommodation
to apply for a job or to perform your job. Examples of reasonable accommodation
include making a change to the application process or work procedures, providing
documents in an alternate format, using a sign language interpreter, or using
1Section 503 of the Rehabilitation Act of 1973, as amended. For more
information about this form or the equal employment obligations of Federal contractors,
visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs
(OFCCP) website at www.dol.gov/ofccp.
PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons
are required to respond to a collection of information unless such collection displays
a valid OMB control number. This survey should take about 5 minutes to complete.