Security Analyst
Description
Ensures that IT Security and risk-based practices are applied to systems, devices, applications, databases, and personnel roles as required for regulatory compliance. Examples of systems include, but are not limited to, monitoring systems, early anomaly detection and response, MFA, IDS/IPS, Security Information & Event Management (SIEM), data loss prevention (DLP), vulnerability management, cloud environment controls, and user activity.
Responsible for assisting in the development, deployment, and maintenance of corporate information security strategy. In the event of an IT security incident or breach, this candidate will assist on the IT Security Incident Response Team.
DUTIES AND RESPONSIBILITIES
Information Security Management:
· Conduct regular security assessments and vulnerability scans to identify potential risks and weaknesses in our information systems.
· Implement and maintain security controls to protect against unauthorized access, data breaches, and other security threats.
· Monitor security events and incidents, analyze security logs, and respond to security breaches promptly.
· Assist in the development and enforcement of security policies, procedures, and guidelines.
· Collaborate with IT teams to ensure secure configurations of systems, applications, and network devices.
· Stay up-to-date with the latest security technologies, trends, and best practices to continually improve our security posture.
Compliance and Regulation:
· Ensure compliance with relevant industry standards, laws, regulations, and contractual obligations (e.g., GDPR, HIPAA, ISO 27001, PCI DSS).
· Conduct compliance assessments and audits to validate adherence to security standards and requirements.
· Prepare reports and documentation for internal and external stakeholders to demonstrate compliance.
· Collaborate with legal and regulatory affairs teams to interpret and implement applicable data protection and privacy laws.
· Provide guidance to internal teams on compliance-related matters and assist in remediation efforts when needed.
Risk Assessment and Mitigation:
· Identify, assess, and prioritize information security risks based on the potential impact and likelihood of occurrence.
· Develop risk mitigation strategies and recommendations to enhance overall security posture.
· Work with business units to ensure that security measures align with business objectives and are properly integrated into their processes.
Training and Awareness:
· Conduct security awareness training sessions for employees to promote a security-conscious culture.
· Educate staff on security policies, best practices, and procedures to reduce human-related security risks.
Incident Response and Forensics:
· Participate in incident response activities and support investigations into security incidents.
· Assist in collecting evidence, conducting forensic analysis, and preparing incident reports.
JOB SKILLS AND TRAITS
· Experience in Privacy Management and regulation. GDPR, CPRA, CCPA, etc.
· Experience with AWS and Azure Cloud.
· Experience with Firewalls, Load Balancers, WAFs, VPN concentrators.
· Experience with hardening standards for servers, desktops, laptops, networking devices.
· Experience with Pen Tests and Vulnerability Scans.
· Understanding of malware, network threats, attack vectors, incident response.
· Information security issues in an open, highly distributed networked environment.
· Enterprise Intrusion Prevention Systems.
· The secure use and system administration of desktop and server operating systems.
· Internet protocols and data formats such as HTTP, TLS, SSL, HTML, and XML.
· Database technologies such as Elasticsearch, SQL, or Oracle.
· Identification and authentication technologies.
· Knowledge of cloud, container-based and virtualization architectures.
· Encryption techniques, algorithms, and approaches.
Desired
• Higher education or government agency information security experience
• Experience handling and protecting information at a variety of sensitivity levels
• Understanding of laws and standards such as FISMA, GLBA, FERPA, PCI DSS, ISO, and NIST
• Information security certifications such as CISSP, CSFA, CEH, GWAPT, GPEN, etc., a plus
QUALIFICATIONS
· 5+ years of experience in cybersecurity or information security
· Bachelor's degree in Computer Science, Information Technology, or a related field. Relevant certifications such as CISSP, CISA, or CISM are a plus.
· Proven experience in information security, compliance, or a related field.
· Strong knowledge of security frameworks, such as NIST, CIS, or ISO 27001.
· Familiarity with regulatory requirements and privacy laws (e.g., GDPR, HIPAA, etc.).
· Understanding of risk assessment methodologies and risk management practices.
· Experience with security tools and technologies, such as firewalls, IDS/IPS, SIEM, etc.
· Excellent analytical and problem-solving skills with attention to detail.
· Effective communication and collaboration skills to work with cross-functional teams.
· Ability to stay abreast of industry trends and emerging security threats.