Information Security Analyst

About The Role

The Information Security Analyst is responsible for the day-to-day monitoring of systems and networks for security issues, installing security software, documenting security issues or breaches and performing security testing for company systems. The Information Security Analyst may perform risk assessments, support business continuity, review system configuration and compliance with security requirements, perform incident logging and reporting, security operations, and end user security administration and system access.

What you’ll do & how you’ll make your mark:

• Identifies and ensures mitigation of information security risks within the organization
• Evaluates projects to ensure proper security requirements and actively with corporate-wide information security project planning and documentation of divisional and corporate projects
• Assists with internal and external IT audits. Support processes for identification, collection and review of relevant data and assist with defining control recommendations that are both efficient and effective.
• Reviews requests for adherence to security policies, assuring requests are executed correctly
• Identifies security incidents and responds to ensure risk is contained
• Maintains integrity of security controls based on toolsets as well as support their updates and use
• Develops and analyzes security reports and reports security incidents to compliance staff and department leadership
• Monitors audit system to find security violations, vulnerabilities, and abnormalities
• Develops and maintains security control framework, which includes security policies, standards, practices, and guidelines

Who you are & what you’ll need to succeed:

• Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security)
• Must be well versed in operating systems such as Linux as well as Windows environments, Active Directory, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks, Threat and vulnerability management
• Experience with vulnerability scanners, vulnerability management systems, patch management and host-based security systems
• Knowledge of networking and the common network protocols
• Demonstrated ability to create scripts to automate processes in PowerShell, Python or Bash
• Demonstrated ability to perform static and dynamic malware analysis
• Demonstrated ability to analyze large data sets and identify anomalies
• Demonstrated ability to quickly create and deploy countermeasures under pressure
• Familiarity with common infrastructure systems that can be used as enforcement points
• Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals
• Project Management skill is a plus
• Experience working with cloud technologies (AWS, Azure, SaaS, etc.) is highly desired with a focus on Oracle’s OCI being most desirable
• Ability to take internal vulnerability, threat intelligence and other sources of data and report on it, at scale for large scale tracking and remediation

Role Level & Qualifications:

• Intermediate professional role
• Moderate skills with high level of proficiency. Works under general supervision with increased latitude for independent judgment.
• Identifies non-routine issues and routes/escalates to appropriate team member.
• Works on multiple concurrent projects of medium complexity. Is an active team member, contributes to complex projects to gain experience, shares ideas and suggests process improvements appropriate for level of experience.
• Consults with senior peers on semi-complex processes to learn through experience.
• Typically requires a minimum of 3 - 5 years of experience in security-related fields or related disciplines.
• A degree in Information Technology, Computer Science or related field is highly desirable.
• Certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), CompTIA Security+ is highly desired.

Key skills/competency

• Information Security Analyst
• Risk Management
• Vulnerability Management
• Incident Response
• Security Audits
• Network Security
• Access Control
• Encryption
• Security Testing
• Compliance