Information Security Analyst, MOC
About the Role:
GCP Applied Technologies is seeking an Information Security Analyst to contribute to mission critical Information Security operations within the Global Information Technology team. As an Information Security Analyst, you will monitor and respond to IT service requests, evaluate security implications of those requests, and escalate requests and issues to senior Information Security and IT team members. In addition, you will support the information Security team in carrying out its mission by working on a range of efforts from basic troubleshooting to supporting audit and compliance activity.
- Monitor security tools for suspicious network, application, and user behavior. Monitor alerts and service requests submitted via ticketing systems, email or phone. Evaluate urgency, potential security impact, and escalate when appropriate.
- Contribute to security incident response activities. Participate in investigations of suspected breaches or compliance conflicts. Develop and refine event detection, incident response and forensics technical capability and procedures.
- Work with senior security and other IT technical services staff to evaluate, select, install, and configure hardware and software systems.
- Research and help assess the application of controls, fixes, and security patches across the enterprise.
- Participate in and support vulnerability assessments and audits.
Skills & Experience:
- Bachelor’s Degree in Computer Science, Computer Information Systems, or related field
- 2+ years experience in a hands-on IT role - either system administration or network administration
- Strong understanding of network and application layer protocols
- Basic understanding of security systems including: NGFW, IDS/IPS, SIEM, DLP
- Strong communication, decision-making, and collaboration skills
- 2+ years experience working in cloud environments (AWS or equivalent) is preferred
- 1+ years experience with vulnerability scanners (Nessus or equivalent), endpoint security products (Symantec or equivalent), application security, mobile security is preferred
- Knowledge of incident response practices/procedures, NIST CSF, PCI-DSS, SOX, GDPR is preferred
- Entry level security certifications (e.g. Security+, GSEC) is a plus
Position is full time and may require occasional evening/weekend/on-call.