Lead Cybersecurity Analyst

Overview

Hybrid
$130,000 - $150,000
Full Time
No Travel Required

Skills

Cybersecurity
Security Controls
Incident Response
Network Security
Project Management
NIST

Job Details

Lead Cybersecurity Analyst
New York, NY (Hybrid: 3 days onsite per week)
Full Time (No 3rd party resumes allowed)

PRIMARY FUNCTION:
The Lead Cybersecurity Analyst is responsible for leading implementation of the organization's cybersecurity controls, implementing and maintaining reporting dashboards and metrics, and managing cybersecurity projects, and will participate and/or be consulted in all infrastructure projects.
Essential Duties and Responsibilities:

  • Serve as main point of contact to plan and conduct periodic vulnerability assessments. Coordinate remediation activities with partners and internal teams.
  • Project manage cybersecurity initiatives.
  • Cybersecurity controls:
    • Lead implementation of cybersecurity controls based on NIST framework.
    • Continuously measure effectiveness of cybersecurity controls in place.
    • Work with vendors, carriers, and other IT teams to implement new security controls and troubleshoot existing controls.
    • Lead cross functional effort to develop and maintain cybersecurity alerts.
  • Incident Response and Forensics:
    • Monitor and analyze cybersecurity events. Coordinate with partners and internal teams as needed.
    • Lead Incident Response efforts across on-premises and cloud environments, including containment, eradication, and recovery activities. Conduct/participate in digital forensics investigations to analyze security incidents and identify root causes.
    • Collaborate with VP of IT to develop and maintain Incident Response plan.
  • Integrations:
    • Validate and identify risks associated with system integrations.
    • Assist in evaluating whether new software, SaaS platforms, or business services meet cybersecurity best practices.
    • Provide expertise in integration and engineering of Security platforms.
  • Develop and deliver comprehensive cybersecurity awareness training programs.
  • Conduct regular phishing email exercises to test and improve employee vigilance (leverage KnowBe4).
  • Assess cybersecurity impact of all changes via participating in Change Control process.
  • Build a culture within and outside the IT team that is forward focused on control effectiveness in risk reduction.
  • Contribute to the technical understanding and adoption of information security and operational standards, solutions and tools.
  • Perform other duties or special projects as required or assigned.
  • On call 24x7 for urgent cybersecurity issues.

Skills:

  • Understanding of networking concepts and protocols (DNS, DHCP, VLANs); proficiency in Microsoft and Linux operating systems, virtual environments (VMware), Active Directory, Group Policies, Microsoft 365, Intune, and Cloud and Hybrid Cloud Architecture.
  • Advanced knowledge of Cisco Meraki firewall and cloud-based Web Application Firewalls (WAFs) like Sucuri, Cloudflare, Akamai.
  • Strong knowledge of security best practices and compliance requirements.
  • Technical understanding of vulnerabilities and how attackers can exploit them to compromise systems.
  • Ability to define KRI and KPI, create reports and dashboards.
  • Expert in Microsoft Office Suite, SQL, Python, data visualization tools such as Power BI or Tableau.
  • Auditing/assessing data network security design.
  • Strong analysis and problem-solving abilities. Technical eye for details.
  • Highly self-motivated and able to work independently with minimal supervision.
  • Excellent teamwork, interpersonal, verbal and written communication skills.
  • Expertise in managing multiple projects in parallel. Experienced knowledge of project management methodologies such as SCRUM, Agile, hybrid and best practices.
  • Technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
  • Domain knowledge of cybersecurity (e.g., vulnerability management, Security Operations, Data Protection, Privacy and Compliance).
  • Data Analysis and Validation.

Work Experience:

  • 5+ years of experience in the IT Infrastructure and Cybersecurity industry; experience across multiple functions is preferred.
  • Hands-on network, server and endpoint security experience with implementing and maintaining security controls and patch management in distributed on-premises environments and cloud platforms (Azure and AWS).
  • Hands-on experience implementing NIST security framework.
  • Strong network security experience.
  • Strong project management experience.
  • Strong experience in performing security risk assessments.
  • Incident Response and Incident Response Plan development experience is preferred.