Summary

As anInformation Security Analyst, you will play a critical role in safeguarding our organization's digital assets and infrastructure against cyber threats. Your responsibilities will include monitoring security events, detecting potential breaches, and conducting threat and vulnerability assessments. You will also be involved in incident response, security incident reporting, and ensuring compliance with industry standards and regulations. Additionally, you will contribute to security awareness training initiatives and collaborate with other IT team members to implement effective security measures.

Minimum Qualifications

• 3 yearsof experience as an InformationSecurity Analyst,Systems Administrator, Network Administrator, or similar role
• Advancedexperience with enterprise security solutions(exEDR/XDR, SIEM, vulnerability management, pen testing)
• Advanced security solution engineering skills
• Advanced knowledge of security incident handling
• Advanced Network security knowledge
• At least3years of experience working in a multi office or branch environment or large campus with multiplebuildings.
• At least 3 years of experience within a structured Service Desk Framework
• Intimate knowledge of the OSI model

Knowledge, Skills, and Abilities

• Demonstrated knowledge of cybersecurity frameworks (ex NIST, SOC2, ISO 27001 and ISO 27002)
• Ability to develop cybersecurity processes, standards, and procedures toensure alignment across the organization.
• Ability to remain up to date on the constantly evolving threat landscape.
• Ability to perform IT riskassessments.
• Understanding of Zero Trust architecture
• Understanding of Identity and Access Management
• Demonstrated experience with cybersecurity implementations.
• Experience securing IaaS workloads.
• Demonstratedknowledge andexperience managing and working with:
  • MS 365 products and services, including ExchangeOnline.
  • Networking, WAN/LAN, TCP/IP, VPN,SDWAN
  • Routers, firewalls, andothernetworkdevices
  • Windows 2012R2 Remote Desktop Services Environment or higher
  • Microsoft Windows Server 2012R2and above
  • Microsoft Active Directory, Group Policy, and DNS
  • EnterpriseAntivirusandEndpointDetection and Response systems
  • Supporting Windows 10and 11 Professional
  • Scripting andautomation
  • Azure environments, toincludeVMs, Azure networking and security, MicrosoftEntra ID, monitoring.
• Excellent troubleshootingand documentationskills
• Ability to work as part of a team and provide exceptional service to our internalcustomers.
• Strong organizational skills and ability to manage multiple deliverables in parallel.
• Follow-through and persistence areessential.
• Relevant security certifications preferred (ex Security , CySA,SSCP)

Essential Functions

Security Monitoring and Incident Detection: The Information Security Analyst monitors network and system logs, security events, and other indicators to detect potential security breaches or suspicious activities. They use security information and event management (SIEM) and extended detection and response (XDR) tools to aggregate and analyze data.Threat and Vulnerability Analysis: The Analyst assesses potential security threats and vulnerabilities in the organization's IT infrastructure, applications, and systems. They monitor vulnerability management tooling and coordinate penetration testing to identify weaknesses that could be exploited.Incident Response and Investigation: In the event of a security incident, the Information Security Analyst responds promptly to contain, mitigate, and resolve the incident. They conduct investigations to determine the nature and extent of the breach and take appropriate action to prevent further damage.Security Incident Reporting: The Analyst prepares and submits incident reports to document security incidents, the response actions taken, and any lessons learned. They communicate with stakeholders and management about the incident's impact and potential remediation measures.Security Policies and Procedures:Information Security Analysts contribute to the development and implementation of security policies, procedures, and best practices. They assist in ensuring that the organization adheres to industry standards and regulatory requirements.Security Awareness and Training: The Analyst will assist in conducting security awareness training for employees to educate them about cybersecurity best practices and potential threats, such as phishing and social engineering.Endpoint Security: The Analyst manages endpoint security solutions, including antivirus, intrusion detection/prevention systems, and endpoint encryption, to protect against malware and unauthorized access.Firewall and Network Security:Information Security Analysts assist Network Administrators in configuration and monitoring of firewalls and other network security devices to control network traffic and prevent unauthorized access.Security Patch Management: The Analyst assists Systems Administratorsin security patching and updates applied to systems and software promptly to remediate known vulnerabilities.Security Auditing and Compliance: The Analyst participates in security audits and compliance assessments to ensure that the organization's security controls and practices meet regulatory requirements and industry standards.Security Incident Coordination: Information Security Analysts collaborate with other IT team members, such as Network Administrators and Systems Administrators, to coordinate security measures and integrate security solutions into the IT infrastructure.Threat Intelligence Analysis: The Analyst stays up-to-date with the latest cybersecurity threats and trends. They analyze threat intelligence reports to adapt and enhance the organization's security posture and proactively defend against emerging threats.

Other and Miscellaneous tasks as necessary: The Analyst is part of the IT Services team, and at times may be required to assist in IT Operations activity not directly related to Security Operations.

Work Environment

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, and filing cabinets. Other conditions may include proximity to forklifts or other heavy machinery and using various tools and hardware. Hybrid work schedule will be considered for the right candidate. #LI-Hybrid

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand; walk; use hand to finger, handle or feel; and reach with hands and arms.

EOE Minorities/Females/Disability/Veterans; VEVRAA Federal Contractor