Information Security Analyst

Information Security Analyst

Overview:

This role is responsible for monitoring systems for intrusions and malicious activity, assessing the effectiveness of security controls, identifying gaps, evaluating risk, participating in the security lifecycle for IT projects, and supporting compliance with applicable laws and regulations.

The position requires a holistic approach to assessing security risks and the ability to apply abstract thinking to evaluate issues and develop solutions. The analyst will utilize information from frameworks, guidelines, threat-intelligence, and industry best practices to support decision making.

Essential Duties & Responsibilities

• Monitor systems and networks for malicious activity.
• Support internal and external security and compliance audits.
• Install, configure, and support technical security controls and countermeasures.
• Maintain security policies, procedures, guidelines, and standards.
• Promote information security awareness across the organization.
• Participate in the internal incident response team.
• Perform vulnerability scans and support remediation activities.
• Monitor and manage Data Loss Prevention (DLP) tools.
• Work with subject matter experts to complete System Security Plans.
• Assist with operating security solutions managed by the IT Security group.
• Support daily IT security operations.
• Assist technical teams in monitoring and responding to operational alerts.
• Attend training and conferences to maintain proficiency.
• Research current threats, vulnerabilities, tools, techniques, laws, and best practices.
• Work flexible hours as needed for maintenance windows; occasional after-hours work may be required.
• Perform related duties as assigned.

Qualifications

Required Technical Experience

• At least 3 years of experience in technology or information security roles.
• Understanding of enterprise networking and datacenter environments.
• Knowledge of HIPAA Security Rule and PCI requirements.
• Proficiency with Microsoft Windows and Linux.
• Working knowledge of TCP/IP networking.
• Familiarity with compliance frameworks (HIPAA, PCI, NIST).
• Ability to perform log and packet analysis.
• Ability to learn new technologies and address complex issues.
• Experience assessing and recommending security controls.
• Prior technical support experience.
• Knowledge of industry standards and current security threats.

Preferred Technical Experience

• Experience with Nexpose or similar vulnerability scanners; Metasploit or Kali Linux experience a plus.
• Familiarity with SAML and Microsoft ADFS.
• Firewall administration experience.
• Knowledge of CJIS requirements.
• Experience with Microsoft Azure or Office 365.

Skills & Abilities

• Strong written and verbal communication skills.
• Ability to communicate clearly with technical and non-technical stakeholders.
• Ability to take initiative with minimal supervision.
• Ability to work under pressure and handle disruptions.
• Strong interpersonal and customer service skills.
• Ability to build and maintain positive working relationships.
• Ability to work after hours when required.

Education & Certifications

• Bachelor’s degree in Information Security, Computer Science, Telecommunications, or related field, or equivalent experience.
• Security , GIAC, OSCP, CISSP, CCSP, or similar certifications preferred but not required.
• Valid driver’s license with ability to travel to multiple sites.