Senior Information Security Analyst

Duties and Responsibilities

Assesses information risk and facilitates remediation of identified vulnerabilities with the systems, and applications. Reports on findings and recommendations for corrective action. Performs vulnerability assessments as assigned utilizing IT security tools and methodologies. Performs assessments of the IT security/risk posture within the IT network, systems, and software applications, in addition to assessments within the Vendor Management Program. Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios. Facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation & reports on findings. Maintains oversight of IT and vendors regarding the security maintenance of their systems and applications. Provides weekly project status reports, including outstanding issues. The IT Security/Risk Analyst assists in all IT audits, IT risk assessments and regulatory compliance.

• Management of IT security and IT risk (e.g., data systems, network and/or web) across the enterprise.
• Address questions from internal and external audits and examinations.
• Develop policies, procedures and standards that meet existing and newly developed policy and regulatory requirements including but not limited to PCI, and/or NIST.
• Facilitate IT security/risk training curriculum.
• Serve as project manager/lead within IT security projects.
• Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise.
• Leverage security data from internal sources (IDS, routers, SIMS, Firewalls, hosts) and external sources (Industry portals, threat intel feeds, etc..) to identify high priority alerts and develop/implement proactive mitigations.
• Review security incidents; determine their severity and impact.
• Forensic analysis; analysis of compromised machines and analysis of network traffic and log data.
• Implement and maintain information resources security; recommend enhancements to security process, procedures, and policies.
• Knowledge using Microsoft 365 and Azure tools, including Microsoft Defender suite.
• Participate in security incident management and vulnerability management processes.
• Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats.
• Communicate effectively with customers, teammates, and management.
• Provide input on tuning and optimization of security systems.
• Staying up to date with emerging security threats including applicable regulatory security requirements.
• Other responsibilities and additional duties as assigned by the management team.

Qualifications

• Bachelor’s degree, Information Systems, Computer Sciences, Information Security, Information Systems, Engineering, Sciences, or related field.
• 5+ years of Information Security or security analysis, deployment, and support.
• 4+ years’ experience conducting IT compliance assessments.
• 4+ years’ experience in administering IT security controls in an organization.
• Certified Information System Security Professional or related certification.
• Knowledge of IT including multiple operating systems and system administration skills (Windows, Linux)
• Knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products.
• Understanding of security incident management, malware management and vulnerability management processes.
• Understanding of PCI requirements and other security standards.
• Security monitoring experience.
• Excellent analytical abilities, including process analysis and development, problem solving and root cause analysis.
• Ability to interpret log data and draw analytical conclusions.
• Experience or understanding of computer programming and scripting languages.
• Experience with open-source security analysis tools, Wireshark, SNORT, Sift, etc.
• Experience with web content filtering technology – Policy engineering and troubleshooting.
• Understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTPS, SFTP, LDAP, etc.
• Strong organization, attention to detail, proven track record in managing multiple initiatives.
• Strong confidentiality assessment and ethic.
• Strong team and communication skills; collaboration, negotiation, written and in-person interaction, presentation to small or large group, people management and conflict resolution ability.
• On call/after-hours availability to respond to security situations as required by management.

We encourage you to apply even if you do not meet 100% of the qualifications