Job Description:
The IT Security Analyst assists in developing, supporting and maintaining an integrated security program to protect the integrity, confidentiality, and availability of information systems assets. The team member will perform security analysis, administration security functions, and provide technical support on security related issues to end-users. The team member is responsible for monitoring computing practices to ensure that individual and departmental access and rights, resources, and information are secure. The team member will assist in implementation and administration of information security policies and procedures as well as maintains information systems used to uphold those security policies. The team member is responsible for protecting information in an organization’s computer systems from data breaches and cyberattacks. The team member helps enforces security policies and ensure compliance and will assist in troubleshooting security issues. The team member evaluates security risk assessments and presents security information to workforce and management. The team member may assist in the maintenance of firewalls and/or data encryption software, develop security standards and best practices to protect sensitive information, identify risks and vulnerabilities in an organization’s network systems, and investigate if a data breach occurs. The team member will provide workforce with support for security-based questions and problems
Uses data encryption, firewalls, and other appropriate security tools and applications to conceal and protect transfers of confidential digital information.
Reviews violations of security procedures; provides training to ensure violations do not recur. 5
Safeguards system security and improves overall server and network efficiency by training users and promoting security awareness.
Monitor security related websites and email distributions to possess knowledge of common exploits, vulnerabilities and countermeasures. Escalate any high-risk security threats to the Information Security Management.
Assist in implementation of corporate security policy functions/procedures that align to security mandates/standards that include Sarbanes-Oxley, HIPPA, and PCI compliance.
Handle vulnerability management process, which includes scoping, vulnerability scanning, penetration testing, reporting, ticket administration, and remediation follow-up tasks.
Recognize and identify potential gaps in areas where existing data security policies and procedures require changes, or where new ones need to be developed, especially regarding future business expansion.
Coordinate information between GISCS and other CCL departments to ensure security measures are enforced as requested by his/her manager.
Assist in maintaining policy and procedures that are designed to protect designed computer programs, databases and data files from unauthorized or accidental duplication, modification or destruction.
Perform other information security system functions, as assigned by the Information Security Manager/Supervisor.
Skillset / Experience:
Discipline/Major Management information system, computer science, or related work experience will be considered
Required Certifications Security+ preferred
Required Years and Area of Professional Experience Minimum of four years of experience in computer systems with specialization within information security and/or network security
Critical Professional Related Technical/Computer Skills Experience working with the following solutions: Cycognito, Splunk, Qualys, Orca, and/or Axonius. – Working knowledge of anti-virus, APT detection, data loss protection (DLP), WAF, web content filtering, IDS/IPS, vulnerability scanners, forensics tools, SIEM, DB monitors. – Experience working with networking device components (i.e., managed switches, routers, and firewalls). – Experience with managing vulnerability scanning (static/dynamic) and penetration testing. – Familiarity with fundamentals in networking/distributed computing environment concepts; ability to configure and/or correlate information in DNS and understands basic network routing concepts.
Other Requirements Broad technical knowledge and experience which includes the following: Linus/Unix, TCP/IP, Active Directory, Microsoft Windows platforms (desktop/server), Open System platforms (desktop/servers), database platforms (SQL/Oracle) Service-oriented and must work easily with end users, IT administrators, and management. Industry recognized technical certification desired (MCSE, CCNA, CISSP, CISA, Security+) – Excellent oral and written communication skills
Preferred Education Bachelor’s degree
Preferred Experience and Type Two years of experience – Senior Level
Knowledge, Skills & Abilities Ability to administer and interpret information security policies Strong organizational and analytical skills Ability to multi-task and handle changing priorities
