The Senior Information Security Analyst’s primary responsibilities include data loss prevention, incident response, infrastructure security compliance, vulnerability identification and remediation, threat hunting, and application security.
The incumbent works with the Information Technology team and the business to support secure information processes and technology.
- Participate as part of the Information Security Operations team. Some after-hours and weekend work is required.
- Act as part of the Cyber-Incident response team.
- Make recommendations to management on enhancements to existing and new security hardware, software or related tools. Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools.
- Perform risk analysis for corporate functional and technical areas relevant to data security.
- Configure, implement, monitor, and support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to IDS/IPS (Host/Network/Wireless), secure file transfer, DLP, full disk encryption, firewall rule assessments, log management/correlation, secure password storage/retrieval, application whitelisting, vulnerability management, threat hunting, etc.
- Ensure security best practices are identified and integrated into all facets of the project including network, system designs/configuration, and implementations.
- Identify and recommend potential areas where existing data security policies and procedures require change, or where a supplement is required to mitigate key security risks. Partner with various business units to enhance security policies/procedures.
- Create and maintain data security documentation, policies and procedures.
- Assist in the identification, response, investigation, and remediation of potential breaches of and issues surrounding data security.
- Responsible for executing programs for user awareness, compliance monitoring, and security compliance; maintaining information security devices and software; monitoring compliance procedures; and resolving security policy issues.
- Responsible for providing support during off hours in an on-call rotation.
- Provide technical guidance on security/privacy policy and standards development, and act as Subject Matter Expert (SME) to enterprise architects and other technologists.
- Responsible for supporting programs for compliance monitoring and security compliance; maintaining information security devices and software; monitoring compliance procedures; and resolving security policy issues.
- Perform other job-related functions as assigned.
- BS degree required in Computer Science, Information Technology, or related field of study; or any equivalent combination of relevant background, skills and experience.
- 5+ years’ relevant experience in Information Security in medium to large organizations.
- One or more security certifications such as CISSP, CISA, SANS GIAC, or relevant security certification(s) required. Additional technology certifications such as MCSE, CCNA/CCNP, PMP, etc. preferred.
- Hands-on experience with two or more of the following: data loss prevention technologies, incident response and remediation, network security services, ethical hacking and vulnerability scanning, firewall and intrusion detection technologies.
- Other complementary skills include: application development background and strong working knowledge of security code review processes.
- High degree of proficiency with MS Office Suite, Outlook & Internet applications.
- Strong analytical, prioritizing, interpersonal, problem-solving, presentation, project management (from conception to completion), and planning skills.
- Strong verbal and written communication skills.
- Strong negotiation/mediation skills.
- Demonstrated collaborative skills and ability to work well within a team.
- Ability to work with and influence senior management.
- Ability to work in a fast-paced and deadline-oriented environment.
- Self-motivated with critical attention to detail, deadlines and reporting.
Next Possible Position:
Information Security Team Lead
- Extended working hours may be required as dictated by management and business needs.
- Ability to travel (25%) to multiple facilities as business needs dictate.
- May be required to lift, push, or pull materials weighing up to twenty (20) pounds.
- May be required to sit and review information on a computer screen for long periods of time.
- May require repetitive motions of the hands and wrist related to writing and typing at an electronic keyboard.