The IS Security Analyst (ISA) is responsible for investigating and assisting in corrective actions for IT security incidents, as well as maintaining security policies, controls and their compliance. The ISA will analyze the escalation of security events, providing root cause analysis, study the proliferation of viruses and malware, and prevent hacker intrusion across all IS systems.
- Identify security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
- Provide technical support in the development, testing, and operation of firewalls, intrusion detection systems, secure web/email gateways, enterprise anti-virus, and SIEM tools.
- Enforce and communicate security policies and procedures for data, software applications, hardware and telecommunications.
- Monitor security events on a daily basis for suspicious activities and identify potential security threats and violations using a SIEM and other technology tools.
- Respond to activities deemed to be improper or in violation of security policies.
- Produce actionable threat analysis and remediation strategies in written and presentation form.
- Execute internal and external network attack and penetration tests and application penetration testing, and vulnerability assessments. Provide recommendations for prioritization based upon existing controls.
- Perform audits of user account provisioning for potential security threats and violations.
- Take initiative in finding solutions to difficult and/or sensitive problems.
- Perform highly complex product evaluations, and recommend and implement products and services for network security.
- Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
EDUCATION & EXPERIENCE
A Bachelor’s Degree in Computer Science or related degree or equivalent combination of education/experience. Three plus years of information security in IT Infrastructure/Network/Security Operations environments, support, and testing required.
SKILLS & CERTIFICATIONS
- CISSP or GIAC GSEC certification required.
- Experience supporting Network Security Hardware/Software, to include Firewalls, Intrusion Detection, SIEM, Secure Web/Email Gateways, Anti-Virus and Vulnerability Assessments.
- Experience in system technology security testing (vulnerability scanning).
- Experience with scripting languages such as PowerShell, Python, Ruby, Perl, or VB is required.
- A strong understanding of the business impact of security tools, technologies and policies.
- Experience maintaining policies, procedures, standards and guidelines.
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Experience with penetration tools, post-exploitation and forensics tools, and practical knowledge of modern offensive tactics.
- An understanding of operating system internals and network protocols.
- Familiarity with the principles of cryptography and cryptanalysis.
- Experience in application technology security testing (white box, black box and code review).
- Ability to work weekends and after business hours.
This position requires use of information or access to hardware, which is subject to the International Traffic in Arms Regulations (ITAR). To perform the position, you must be a U.S. Person as defined by ITAR. ITAR defines a U.S. person as a U.S. Citizen, U.S. Permanent Resident (i.e. ‘Green Card Holder’), Political Asylee, or Refugee.