Cyber Security Analyst

The Information Security Analyst will assist in the assessment of the cyber security landscape and benchmark against ISO 27001 Information Systems Management System and the NIST (NIST CSF assessment) to identify gaps, match new policies to existing controls and recommend additional policies to align with current standards. Provide support in the design and implementation, or remediation of, new and existing IT security systems to protect the organization's computer networks from cyber-attacks. You will also help develop organization wide best practices for IT security and monitor computer networks for security issues, install security software and document all security incidents. Provide technical support to the business and stakeholders, and respond immediately to service-related incidents. Implement required controls and monitor the networks and requirements for routers, firewalls, and related network devices. Review and advise on the installation of firewalls, VPNs, routers, and servers and update security systems as needed.

Implement security structures and systems to protect and defend against malware and other intrusions to a computer system and conduct assessments of the entire system to test it for any weaknesses or vulnerabilities. Assist in the planning, research, and design of security architectures for the company and perform vulnerability testing and security assessments.

Responsibilities

• Monitor and improve security tools (i.e. Minerva, Symantec EDR, Symantec Quarantine, Symantec DPL/WSS/CASB, Microsoft DFI, Alert Logic, etc.), and execute daily operations via ticket handling, providing escalation though the incident management process if required.
• Perform assessments of systems and networks within the environment and identify where those systems and networks deviate from acceptable configurations, standards, or policy.
• Provide support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.
• Assist in the implementation of the required policies and standards (i.e. ISO 27001, NIST CSF) and make recommendations on process improvements.
• Perform analysis to validate established security controls, identify potential gaps, and provide recommendations on additional security requirements and safeguards necessary to eliminate or mitigate risk.
• Create and update required documentation to specifying security requirements and develop / enhance security policies and standards.
• Educate internal customers on security risk and best practices and drive the security awareness and phishing training campaigns for the organization.
• Support the creation of reliable automated end-to-end security tests.
• Identify and deliver appropriate metrics to drive security architecture compliance.
• Research new and emerging threats to ensure assessment methodology keeps pace with security trends.
• Foster and create relationships to meet the goals and objectives!

Qualifications

• Bachelor's or Graduate's Degree in computer science, engineering, information systems or mathematics or equivalent experience.

• 3+ years of experience in information security
• Preferred: Security+, CISSP, CISA, CISM or equivalent training and willingness to obtain certification
• Excellent written and oral communication skills
• Experienced with penetration testing and techniques
• Ability to identify and mitigate network vulnerabilities
• Understand patch and configuration management
• Knowledge of firewalls, antivirus and IDPS concepts
• Experienced in installing security software and documenting security issues
• Demonstrated leadership and problem-solving skills.

• Skilled in threat detection and network architecture.