Information Security Analyst III

Position Summary: The Information Security Analyst III position develops the cyber security toolset, detection, prevention, and response capabilities, to expand the information security tactics and strategy.  The analyst will engage in many facets of the information security program while providing guidance and functioning as an experience resource to junior analysts.

Essential Duties and Responsibilities:

• Protects the confidentiality, integrity and availability of critical data, systems, and services
• Safeguard information system assets by identifying and solving potential and actual security and risk concerns
• Protects systems by defining role and attribute-based access privileges, control structures, and resources
• Categorizes risks and threats by identifying abnormalities and reporting violations
• Implements security improvements by assessing situation; evaluating trends; anticipating requirements
• Determines security violations and inefficiencies by conducting periodic audits
• Monitors, investigates, and responds to security alerts
• Upgrades cyber security program and capabilities by implementing and maintaining security controls
• Prepares performance and stability reports to communicate system status to users and management
• Maintains quality of service by following organization standards, guidelines, and procedures
• Maintains information security documentation and standard operating procedures
• Maintains technical knowledge by attending educational workshops, achieving certifications, and subscribing to relevant publications
• Perform and track vulnerability assessments and facilitate remediation efforts
• Assist in various security projects
• Review and perform daily security system health checks and correct deficiencies
• Provides documentation and evidence to respond to audits
• Answer security related helpdesk requests and approvals
• Maintain an up-to-date application inventory
• Provides on-call support as needed
• Contributes to team objectives
• Understanding of common networking ports and protocols
• Other duties as assigned

Experience and Education:

• Bachelor’s degree in Information Security, Information Systems, Computer Science, or equivalent work experience
• 5+ years of prior relevant experience
• CompTIA Security+ (or equivalent)
• Certified Information Systems Security Professional (CISSP) Preferred
• Azure Security Engineering Associate or equivalent experience
• AWS Security Specialty Certification or equivalent experience
• Cloud analytic security tools
• CIS 2.0 security and NIST 800-53 framework controls
• FFIEC Cyber Assessment Tool (CAT)
• SOC I, SOX, GLBA, and FFIEC regulatory compliance

Skills and Abilities Required:

• Ability to function with limited supervision
• Provides support to junior associates
• Strong interpersonal skills.
• Quality written and oral communication, and presentation skills.
• Critical thinking and problem-solving skills.
• Attention to detail.
• Commitment to operational excellence and continuous process improvement.
• Willingness to expand and apply security knowledge, skills, and abilities to department initiatives.
• Strategic project management and oversight of milestones and deliverables.
• System administration
• Network security concepts
• Information security policy
• On-call network troubleshooting
• Firewall administration
• Network protocols
• Intrusion Detection and Prevention systems (IDS/IPS)
• Data Loss Prevention (DLP)
• Virtual Private Networks (VPN)
• Multi-Factor Authentication (MFA)
• Endpoint Detection and Response (EDR)
• Mobile Device Management (MDM)
• Identity Access Management and Privileged Access Management (IAM and PAM)
• Role and attribute-based access controls
• (RBAC and ABAC)
• TLS and certificate management
• Log analysis
• URL filtering
• Patch Management
• Security Information and Event Monitoring Tools (SIEM)
• Vulnerability scanners
• Foundational routing, switching, segmentation
• E-mail filtering, phishing, SMTP header analysis
• Wireless technology and security
• Threat management and response

#LI-JG1