JOB SUMMARY
Monday-Friday 8am-5pm
The Sr Information Security Analyst is responsible for monitoring, evaluating, and maintaining systems and procedures to safeguard internal information systems, network, databases, and Web-based security. The Analyst will conduct vulnerability assessments and monitor systems, network, databases and web for potential system breaches. Responds to alerts from information security tools. Reports, investigates and resolves security incidents. Recommends and implements changes to enhance systems security and prevent unauthorized access. Researches security trends, new methods and techniques used in unauthorized access of data in order to preemptively eliminate the possibility of system breach. Other tasks may also be required from time to time, at the discretion of management, in order to achieve department and company objectives.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Responsible for monitoring, analyzing, and interpreting security/system logs for events, operational irregularities, and potential incidents and escalating issues as appropriate.
- Responsible for analyzing suspicious emails, phone calls, and other potential security incidents to determine false positives or needs for escalation.
- Responsible for utilizing security tools such as anti-virus, endpoint protection, network analysis, SIEM, and other essential security solutions.
- Provides support to remediate vulnerabilities such as patching, implementing controls to mitigate risk, and ensuring secure configuration of systems.
- Performs regular threat hunting utilizing security tools and intelligence information to identify and remediate potential security threats.
- Perform research and remain aware of new and emerging threats to ensure newly discovered vulnerabilities are addressed.
- Assists with incident response when the incident response team is active. Incident response tasks may be identification, log and event collection and analysis, forensic investigation support, communication support, and evidence handling.
- Maintain and deliver Monthly Security KPI Metrics to CIO and IT Operations management team
- Provide leadership and guidance to the Information Security team.
May be modified from time to time. Other duties, tasks and work may be assigned.
METRICS
- To consistently meet deadlines and objectives as agreed and typically described in quarterly reviews or through other project planning efforts
- To handle ongoing projects and day-to-day demands that are not identified in formal quarterly objectives in a timely and accurate manner
- Adherence to budgets
- Adherence to/achievement of benefits described in project business case (cost/benefit) analyses
- Sr Information Security Analyst will be measured by Monthly Project Completion and Daily metrics.
QUALIFICATIONS
Knowledge of: Operating systems; current equipment and technologies in use; Windows system administration, enterprise backup and recovery procedures, and system performance monitoring tools.
It is essential that the candidate possesses or can quickly acquire the necessary knowledge of the following systems, which are crucial to the business:
- Prior hands-on experience in network, system, and/or endpoint security operations required.
- Solid understanding of information technology and information security, including firewalls/UTMs, IDS/IPS, VPNs, penetration testing, security event monitoring, and other security systems, with an emphasis on threat hunting and log analysis.
- Excellent written and verbal communication skills.
- Exceptional analytical and problem-solving skills; someone who ‘sees’ the box differently.
- Understanding of security frameworks: NIST, ISO 27000, and other recognized frameworks.
- Understanding of IT infrastructure, information security, and compliance controls.
- SSCP, Security+, or other recognized security certification is preferred.
- Comfortable with multiple, current operating environments.
- Hands-on experience with various security tools.
- Ethical hacking and malware analysis experience is a plus.
KNOWLEDGE & SKILLS REQUIRED
- Work independently with little or no supervision
- Ability to multi-task
- Ability to work at fast pace
- Attention to detail
- Ability to problem solve
- Strong writing and communication skills
- Sensitivity to user needs
EDUCATION & EXPERIENCE
- High School Diploma and/or technical school required
- Five to seven years of related experience and/or training preferred
- Prior supervisory experience
- Technical product knowledge preferred
PHYSICAL DEMANDS
- Work environment includes typical computer related noise levels and paper and equipment generated dust.
- Exposure to video display terminals occurs on a regular basis.
- Incumbent is on call to provide support services during off hours.
- Scheduled night and weekend work are required.
- Occasional Domestic and International travel may be required.
- Occasional sitting, frequent walking, reaching/working overhead, climbing or balancing, stooping, kneeling, crouching or crawling, continuous standing and repetitive hand motion.
- Lifting requirements include occasional lifting of 50 pounds with more frequent lifting of 10 pounds.