Information Security Analyst

Information Security Analyst

Job Description

The Intermediate Information Security Engineer is a hands-on team player who can provide technical security guidance with the design, operation, service, and maintenance of a variety of information systems. This individual has knowledge of IT Enterprise Architecture and can assist other teams to ensure that security standards are created and implemented into project lifecycles. This role can identify security gaps, help develop controls, assist in determining functional and non-functional security requirements, and help design solutions that meet business objectives while complying with security standards to achieve Security-by-Design principles based on the needs of the business and organizational security requirements.

This position reports directly to the Sr. Manager, Information Security and Compliance.

Responsibilities:

• Help develop and maintain a robust security technology strategy designed to address risks associated with the cloud, data center, and enterprise  environments
• Assist with implementing, configuring and maintaining technical security solutions designed to protect information assets both on-prem and cloud-based environments
• Perform vulnerability assessments, security controls checks, and reporting
• Work with project and development teams to identify and help define security requirements
• Keep abreast of security industry standards, technology changes, trends, and best practices to ensure public cloud and on-prem environments are properly secured, monitored, and documented
• Partner with Infrastructure and System Engineers to understand and document network control systems/equipment, network diagrams, firewall, and other security system configurations: Review and approve security infrastructure changes as required
• Participate in security incident response activities
• Provide feedback on new and existing security policies, procedures, and standards
• Assist with providing subject matter expertise for information security architecture, planning, and roadmaps
• Support after hours and weekend change schedules as necessary.  
• Assist with other security-related initiatives as they arise

Required Technical Skills:

• 5 years information security engineering or commensurate cloud security experience.
• Application and infrastructure security experience (i.e., Anti-virus, firewalls, cryptographic management (PKI), network protocols, filtering, etc.). 
• Experience with log management and SIEM solutions
• Solid understanding of the following areas: system administration, IT support, risk management, and change management
• Expert knowledge of Infrastructure Security controls system administration, and business continuity planning and practices. Demonstrated experience with Network security control systems and technologies e.g. VPN gateways, layer 3-7 next-generation firewalls (Palo Alto, Juniper), IPS, ACLs, DLP, NAC, Wireless Systems,
• Strong experience with security tools used to identify security vulnerabilities (i.e. web, OS, infrastructure) 
• Familiarity with legal, regulatory, and industry security requirements and frameworks. Including, but not limited to the following: International Organization for Standards (ISO/IEC 27001); Payment Card Industry - Data Security Standards (PCI - DSS); CIS Top 10; NIST Cyber Security Framework

Qualifications:

• Team player who is able to work effectively at all levels of an organization
• Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work products
• Highly self-motivated, strong attention to detail, with strong analytical and problem-solving skills
• Strong verbal and written communication skills
• Strong interpersonal and conflict management skills

Education:

• Bachelor’s degree in Information Systems or related degree, or equivalent job experience
• At least one industry standard certification such as GIAC Security Essentials (GSEC), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or other security vendor certification

Additional Information:

All your information will be kept confidential according to Equal Employment Opportunities guidelines.