The MSRB is looking for a driven, eager, and curious Information Security Analyst with at least three to five years of security or technology experience. We welcome candidates with strong cloud, web application, system or network administration, or other technology backgrounds looking to make a switch to a dedicated security role.

We expect our team members to demonstrate technical proficiency as well as strong communication and collaboration abilities. The Security Analyst will contribute directly to hands-on, operational Information Security processes. Candidates should demonstrate foundational knowledge and understanding of Information Security or technology principles, frameworks, and concepts and a desire to learn and grow.

The Information Security Analyst is responsible for securing the MSRB by supporting existing controls and processes across multiple dimensions and domains, including MSRB Web Applications, Cloud environments, networks, SaaS platforms, and enterprise systems. The analyst will support operational security processes by triaging our security alerts, phishing reports, vulnerabilities, and end-user requests. The analyst will also perform routine maintenance and troubleshooting of security tools and platforms. We expect the Analyst to work effectively with internal stakeholders, including the Information Security team, MSRB leadership, developers, system, database, and network administrators.

The Analyst will assist with implementing new tools and controls, enhancing existing controls, and monitoring the evolving threat environment to make informed recommendations and changes. The Analyst may also contribute to incident response efforts, education, training, policy, and governance initiatives.

Essential Duties and Responsibilities:

1. Operational Support:

• • Directly triage and respond to security alerts, phishing reports, and end-user requests on a regular basis.
  • Identify and resolve issues in MSRB controls, systems, and applications.
  • Support maintenance and troubleshooting activities for the Information Security program, including maintenance related to visibility, logging, SIEM, and anti-malware controls
  • Support vulnerability management processes, such as scanning, assessments, penetration testing, and remediation efforts.

2. Continuous Improvement and Attack Surface Reduction:

• • Identify and implement improvements in vulnerability management, anti-malware and SIEM platforms.
  • Assist with implementation of new security tools and controls to enhance the organization's security posture.
  • Proactively monitor and understand the evolving threat environment and cybersecurity developments.

3. Enterprise Security:

• • Apply expertise in enterprise security, including networking and security measures for systems in physical offices, end-user laptops, conference room computers, etc.
  • Identify configuration issues and improvement opportunities.
  • Lead and assist defense-in-depth efforts.
  • Review and improve security-related SaaS configurations.
  • Assist with Identity and Access Management efforts, including access reviews and implementation of least privilege.

1. Communication, Education, and Security Awareness:

• • Assist with incident response efforts.
  • Assist with selection and management of security awareness courses, simulated phishing campaigns, and other routine education exercises.
  • Communicate security policies and best practices to end-users, fostering a security-conscious culture.
  • Assist staff with monitoring for and ensuring compliance with security policies, procedures, standards, and guidelines.
  • Educate staff on associated risks and benefits of technologies.