Responsibilities:
- Research the latest information technology security trends to stay current, and promote use of the latest technology to protect our information by creating recommendations for company-wide best practices.
- Coordinate/conduct frequent simulated cyber-attacks and penetration testing to look for vulnerabilities in the computer systems and take care of these before an outside cyber-attack.
- Track and coordinate known cyber vulnerabilities, following them to completion and ensuring all are properly closed out.
- Assist in system monitoring and remediation to manage security alerts and identify/reduce false positives.
- Develop cybersecurity-related strategies and approaches, including a cybersecurity breach contingency and recovery plan.
- Research new tools and technologies to assist in the cyber security area.
- Coordinate with external entities on critical cyber matters.
- Work with other IT Security team members to share information and promote a secure and proactive IT security environment.
- Work with emergency management and COOP Planners to ensure that the Information Technology’s recovery plan is fully coordinated with the COOP and emergency plans.
- Investigate and document security breaches and other cybersecurity incidents including assessing damage potential.
- Perform computer forensics as needed.
- Implement and maintain vendor supplied security hardware components & software packages.
- Perform diagnostics for security problems and identify and analyze security risks.
- Coordinate security assessments with internal audit and external vendors.
- Assist in developing security awareness and training programs for IT and employees who work with sensitive data.
- Create and manage Cyber Security policies, standards, procedures, and guidelines.
- Work with confidential information obtained through security scans and assessments of systems.
- Report status and progress on efforts to management as necessary.
- Other related security duties as assigned.
Top skills you need to have:
- Minimum of two (2) years of cybersecurity experience and a total of 5 or more years’ experience in Information Technology related areas.
- Completion of one of the following recognized professional certifications: QSA (Qualified Security Assessor), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), SSCP (Systems Security Certified Practitioner), CEH (Certified Ethical Hacker).
- Technical Expertise: Cisco Firepower, Cisco Secure Endpoints, Cisco Network Analytics, Splunk, RedHat Linux, Microsoft Windows Server, VMware, Citrix
- Knowledge of NIST Cyber Security Framework, CIS Security Controls.
- Experience with network and application security including firewalls, VLANs, routers, switches, Linux, Microsoft Windows and VMware operating systems, Oracle and Microsoft SQL Server databases, ecommerce, PCs.
- Experience performing penetration testing.
- Experience setting up firewall rules.
- Experience performing computer forensics.
- Experience with designing, implementing, and managing an enterprise-wide security program.
- Experience working with outside vendors to coordinate testing and resolution of security vulnerabilities.
- Experience writing recovery plans, updating policies/procedures and documenting security breaches.