Information Security Analyst III
Remote
Cambium Learning Group
The Education Essentials company. Cambium provides award-winning education technology and supplemental K-12 solutions.
Job Overview:
The Information Security Analyst III supports the company’s existing information security programs and provides technical and analytical support for all aspects of our information security management system. The goal of the role is to ensure the confidentiality, integrity and availability of all systems and company data assets.
Job Responsibilities:
- Assesses the company’s existing security measures and identifies vulnerabilities within the company’s systems and networks.
- Develops and implements security policies, standards and procedures to safeguard against unauthorized access, modification and destruction of information assets.
- Monitors systems for potential security breaches; investigates incidents, identifies threats, and takes appropriate action to mitigate risks.
- Helps to manage all remediations related to IT security controls execution.
- Coordinates 3rd party security audits.
- Coordinates 3rd party pen testing services.
- Runs the roll out of new security tools and processes.
- Creates and manages security awareness training campaigns.
- Creates and manages phishing simulation campaigns.
- Heads risk assessments and leads in the development of risk treatment plans by working with asset owners.
- Runs technical and management support for investigating security incidents, e.g., phishing attacks, DDoS attacks, data leaks, account compromises, etc.
- Provides technical leadership in the operations of our security operations center (SOC).
Job Requirements:
- Bachelor’s degree in information security, computer science, engineering, or related technical field with 4-7 years of relevant experience.
- Possess one or more information security certifications such as CISSP, CISA, GIAC, CompTIA Security+, CCSP, AWS certification.
- Excellent communication, presentation, and documentation skills.
Knowledge Requirements:
- Data backup and recovery.
- Business continuity and disaster recovery continuity of operations plans.
- Intrusion detection methodologies and techniques for detecting host and network-based intrusions.
- Controls related to the use, processing, storage, and transmission of data.
- Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Measures or indicators of system performance and availability.
- Network traffic analysis methods.
- Skill in creating policies that reflect system security targets.
- Information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
- New and emerging information technology (IT) and cybersecurity technologies.
- Current and emerging threats/threat vectors.
- Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Penetration testing principles, tools, and techniques.
- AWS security architecture and tools and Microsoft Azure security architecture and tools.
- Knowledge of one or more security frameworks, e.g., ISO-27001, NIST Cybersecurity Framework, PCI-DSS, SOC2, CIS Controls, NIST SP 800-53, etc.
To learn more about our organization and the exciting work we do, visit www.cambiumlearning.com
An Equal Opportunity Employer
We are dedicated to fostering a culture that celebrates unique backgrounds, ideas, and experiences. All qualified applicants will receive consideration for employment without discrimination on the basis of race, color, age, religion, sex, gender, gender identity/expression, sexual orientation, national origin, protected veteran status, or disability.