Information Security Analyst

Position Summary

Information Security Analysts are responsible for improving the overall security posture of the organization. They evaluate, test and document security solutions and controls, and recommend modifications and enhancements to ensure the organization is evolving with the threat landscape. They will work closely with the CISO and other IT team members to remediate risk while ensuring the business is able to innovate.

Essential Functions and Duties

Threat and Vulnerability Management

• Perform security standards testing against our current environment as well as before implementation of new assets and applications to ensure security standards are met.
• Identify potential weaknesses and vulnerabilities on assets (i.e., end points, applications, users, and cloud), validate them via exploitation, and report their findings.
• Work closely with the IT Infrastructure and Applications teams to prioritize and remediate vulnerabilities and weaknesses.
• Stay current with the evolving threat landscape.

Security Event and Incident Response

• Conduct network monitoring and intrusion detection analysis as well as log-based and endpoint-based threat detection to detect and protect against threats.
• Correlates network, cloud and endpoint activity across environments to identify attacks and unauthorized use.
• Researches emerging threats and vulnerabilities to aid in the identification of incidents.
• Work with both external and internal incident response teammates to manage, contain and report security incidents. This may include involvement outside of regular work hours.
• Evaluate the effectiveness of current MDR solutions and propose improvements.

General Duties

• Adheres specifically to all company policies and procedures, Federal and State regulations and laws.
• Display dedication to position responsibilities and achieve assigned goals and objectives.
• Represent the Company in a professional manner and appearance at all times.
• Understand and internalize the Company’s purpose; Display loyalty to the Company and its organizational values.
• Display enthusiasm and dedication to learning how to be more effective on the job and share knowledge with others.
• Work effectively with co-workers, internal and external customers and others by sharing ideas in a constructive and positive manner; listen to and objectively consider ideas and suggestions from others; keep commitments; keep others informed of work progress, timetables, and issues; address problems and issues constructively to find mutually acceptable and practical business solutions; address others by name, title, or other respectful identifier, and; respect the diversity of our work force in actions, words, and deeds.
• Comply with the policies and procedures stated in the Injury and Illness Prevention Program by always working in a safe manner and immediately reporting any injury, safety hazard, or program violation.
• Ensure conduct is consistent with all Compliance Program Policies and procedures when engaging in any activity on behalf of the company. Immediately report any concerns or violations.
• Other duties as assigned.

Up to 10% travel required.

Education, Knowledge, Skills and Experience

Required Education:

• Bachelor’s Degree in Computer Science or a related field of study; or four (4) years of relevant experience in lieu of degree.

Required Knowledge:

• General knowledge of concepts, practices and procedures related to vulnerability and threat management.
• General knowledge of concepts, practices and procedures related to Incident Response including expertise in system monitoring and analysis.
• General knowledge of concepts, practices and procedures related to penetration testing.
• Knowledge of securing multiple computing platforms with a focus on Windows and Linux.
• Experience with change and project management.

Preferred Knowledge:

• Experience working with SIEM systems, threat intelligence platforms, security automation and orchestration solutions, and other network and system monitoring tools.
• General knowledge of concepts, practices and procedures related to cloud platform security; Google Cloud Platform (preferred), Amazon Web Services, or Microsoft Azure.
• Experience working with DevOps and application teams.
• Knowledge of serverless and container-based solutions.
• Experience securing open-source applications and/or web application penetration testing.
• Experience translating IT risk to business risk.

Required Experience:

• At least two (2) years [six (6) for non-degreed candidates] of experience in the Information Technology field outside of helpdesk.

Preferred Experience:

• At least two (2) years of experience in cybersecurity; or at least five (5) years of experience in the Information Technology field outside of helpdesk.

Required Skills:

• Must have strong organizational skills.
• Must have a detail orientation and the proven ability to prioritize work.
• Must have effective verbal and written communication skills.
• Must have the ability to work with limited supervision and as part of a team.
• Must have effective decision-making abilities.
• Must leverage both strategic and tactical thinking.
• Must work calmly under pressure even with tight deadlines.
• Must act with integrity, take pride in one’s work, and seek to excel.

Preferred Professional Certifications:

• Comptia Security+, Network+, or PentTest+
• SANS GSEC or GISF
• ISACA Cybersecurity Fundamentals
• ISC2 Associate or SSCP

Physical requirements

Vision, hearing, speech, movements requiring the use of wrists, hands and/or fingers. Must have the ability to view a computer screen for long periods and the ability to sit for extended periods. Must have the ability to work the hours and days required to complete the essential functions of the position, as scheduled. The employee occasionally lifts up to 20 lbs. and occasionally kneels and bends. Must have the ability to travel occasionally. Working condition include normal office setting.

Mental Demands

Learning, thinking, concentration and the ability to work under pressure, particularly during busy times. Must be able to pay close attention to detail and be able to work as a member of a team to ensure excellent customer service. Must have the ability to interact effectively with co-workers and customers, and exercise self-control and diplomacy in customer and employee relations’ situations. Must have the ability to exercise discretion as well as appropriate judgments when necessary. Must be proactive in finding solutions.

Direct Reports

None

EEO/AAP Statement

FFF Enterprises/ NuFactor is an equal opportunity employer to all and prohibits discrimination and harassment based on the following characteristics: race, color, caste, religion, religious creed (including religious dress and grooming practices), national origin, ancestry, citizenship, physical or mental disability, medical condition (including cancer and genetic conditions), genetic information, marital status, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender, gender identity, gender expression, age (40 years and over), sexual orientation, veteran or military status, medical leave or other types of protected leave (requesting or approved for leave under the Family and Medical Leave Act or any state protected leaves), domestic violence victim status, political affiliation, reproductive health decision-making, and any other characteristic protected by state or federal anti-discrimination law covering employment. These categories are defined according to Government Code section 12920. The Company prohibits unlawful discrimination based on the perception that anyone has any of those characteristics or is associated with a person who has or is perceived as having any of those characteristics.