Note: we are unable to hire in every state

Summary: The Information Security Analyst, Associate works with the Information Security team to identify, protect, detect, respond, and recover from security related events through the implementation of all applicable mitigation solutions to eliminate the risk. This position will perform continuous monitoring of all network resources, carryout in-depth analysis of security risks and assist with the development of mitigation solutions, while conducting regular vulnerability audits, and risk assessments. The Information Security Analyst, Associate will also be required to actively participate in the management and administration of information security related requests, as well as participate in the administration creation and/or maintenance of policies, standards, baselines, guidelines, and procedures. Where applicable, the Information Security Analyst, Associate will work with Application Security Test Engineers in the selection and implementation of new security solutions, to promote secure-by-default designs, in support of secure application development and sustainment, ensuring information systems and infrastructure will be secured throughout the software/system development life cycle (SDLC).

Key Responsibilities: “To simplify complexities for each customer.”

Qualifications/Education/Certifications:

Bachelor's degree from four-year college or university (in Information Technology, Computer Science, or a related field preferred) plus 0-2 years of related experience; or equivalent combination of education and experience.

Prefer one or more of the following active certifications: CISSP, CISM, CISA, CEH, CompTia Security , GCIA, GPEN or GSEC.

Knowledge, Skills and Abilities:

• Experience working in an enterprise architecture, information security, information technology or information risk management related field.
• Experience with technical security controls (e.g. AAA, multi-factor authentication, network or host based firewalls, network or host based intrusion detection/prevention systems, anti-virus, encryption, Virtual Private Networks (VPN), web application firewalls, configuration management, host hardening, continuous monitoring, incident response, or data loss prevention administration) within an organization or in a consulting capacity.
• Experience conducting security and IT control audits assessments.
• Experience working with vulnerability scanners.
• Experience working with penetration testing tools (Metasploit, Nmap, and Burp Suite)
• Must demonstrate understanding of infrastructure and application security requirements and architecture.
• Demonstrated experience with security architecture solutions for large, critical systems and an understanding of Information Security standards, frameworks/methodologies, and best practice (NIST, ISO 2700x, CIS, ITIL, CoBIT, OCTAVE, GLBA).
• Understanding of host security architecture best practices.
• Understanding of network security architecture best practices.
• Ability to work well under pressure and to meet tight deadlines.
• Demonstrate a high level of motivation, confidence, integrity, and responsibility.
• Possess excellent written and verbal communication skills, presentation, and problem-solving skills and be able to interact well with peers and internal customers.

Physical Demands/Working Conditions:

Duties are performed primarily in a home office setting utilizing computer equipment. Travel to attend meetings and visit locations throughout the country may be required. While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee is frequently required to use hands. The employee is occasionally required to stand and walk.*** Job descriptions will be reviewed and are subject to changes of business necessity. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.