Information Security Analyst

Job Summary

The Information Security Analyst at Envipco is responsible for monitoring, analyzing, and responding to security threats and vulnerabilities within the organization’s IT environment. This role involves conducting security assessments, investigating incidents, and implementing measures to ensure confidentiality, integrity, and availability of systems and data. The ideal candidate is detail-oriented, proactive, and passionate about cybersecurity.

Key Responsibilities

• Threat Monitoring and Detection: Monitor security systems (e.g., SIEM, IDS/IPS, firewalls) for suspicious activity and potential threats. Analyze security alerts and logs to identify and prioritize potential risks.
• Incident Response: Assist in investigating and responding to security incidents, including malware infections, phishing attacks, and unauthorized access. Document incident details and support post-incident analysis and reporting.
• Vulnerability Management: Conduct regular vulnerability scans and assessments to identify weaknesses in systems and applications. Collaborate with IT teams to prioritize and remediate vulnerabilities.
• Security Assessments: Perform risk assessments and security audits to ensure compliance with policies and standards. Evaluate configurations of systems, networks, and applications for security best practices.
• Security Tools and Technologies: Manage and maintain security tools, such as antivirus software, endpoint protection, and encryption solutions. Recommend improvements to enhance security tool effectiveness.
• Compliance Support: Assist in ensuring compliance with regulations (e.g., GDPR, PCI-DSS) and industry standards (e.g., ISO 27001, ISO 42001). Prepare documentation and reports for audits and compliance reviews.
• Security Awareness: Support the development and delivery of security awareness training for employees. Promote best practices for secure use of systems and applications.
• Threat Intelligence: Stay informed about emerging cybersecurity threats, vulnerabilities, and trends. Apply threat intelligence to enhance monitoring and response strategies.
• Collaboration: Work closely with IT, network, and application teams to implement security controls. Coordinate with external vendors and partners as needed for security-related tasks.

Education and Experience

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
• 2+ years of experience in cybersecurity, IT security, or a related role.

Certifications (Preferred)

• CompTIA Security+
• Certified Ethical Hacker (CEH)
• GIAC Security Essentials (GSEC)
• Other relevant certifications (e.g., CompTIA Cybersecurity Analyst (CySA+)).

Skills and Competencies

• Knowledge of cybersecurity principles, including threat detection, vulnerability management, and incident response.
• Familiarity with security tools (e.g., Splunk, Nessus, Wireshark, CrowdStrike).
• Understanding of network protocols, firewalls, and cloud security (e.g., AWS, Azure).
• Strong analytical and problem-solving skills with attention to detail.
• Ability to work independently and as part of a team in a fast-paced environment.
• Effective communication skills for documenting findings and collaborating with stakeholders.

Other Requirements

• Ability to handle sensitive information with discretion.
• Willingness to participate outside standard work hours.
• Willingness to travel internationally as required.

Key skills/competency

• Cybersecurity
• Threat Detection
• Incident Response
• Vulnerability Management
• Security Assessments
• Compliance (GDPR, PCI-DSS, ISO 27001)
• Security Tools (SIEM, Splunk, Nessus, CrowdStrike)
• Network Security (Firewalls)
• Cloud Security (AWS, Azure)
• Risk Management