Responsible for analyzing security controls for information systems. Safeguards the network against unauthorized infiltration, modification, destruction, or disclosure. Researches, evaluates, tests, recommends, communicates, and implements new security software or devices. Enforces, communicates and develops security policies or plans for data, software applications, hardware, and telecommunications.
- Performs information security risk assessments, evaluates the design and effectiveness of security controls, manages risk, and provides advice for the implementation information security controls that addresses potential issues.
- Performs operational assessment, prioritization, and remediation of enterprise vulnerabilities and exposures
- Collects, assesses, and reports upon operational security metrics to measure the effectiveness of security controls and identify opportunities for improvement.
- Participates in monitoring of data security profiles and reviews of information security violation reports and investigations of security exceptions.
- Collects, assesses, and reports upon relevant Information Security threat intelligence / actionable security information and establishes operational requirements.
- Serves as an escalation point for incidents identified by the SOC, information Security Operations & Information Technology (IT). Performs analysis and response to relevant alerts and events.
- Assists with coordinating remediation for any gaps reported in audits or recommended process improvements that effect core information security services.
- Promotes and participates with development and update of security awareness training by working with Talent Development to provide orientation, educational programs, and on-going communication.
- Works with business and technical stake holders to research, assess, evaluate, and support the implementations of security related projects.
- Provides insight and guidance to IT software and hardware upgrades and other projects to ensure production environments meet and exceed minimum security standards.
- Position will have a high level of collaboration with other information Security Analysts and extensive involvement with our Security Operations, Network Infrastructure, and IT groups.
- Contributes to the achievement of established department goals and objectives and adheres to department policies, procedures, quality standards, and safety standards.
- Performs other duties and responsibilities as assigned by information Security management, leadership and/or CISO.
QUALIFICATION REQUIREMENTS (please indicate if ‘preferred’)
- Bachelor's degree in Information Systems, or a combination of equivalent technical experience and education.
- Operation information security experience. Hands-on experience with the following: system hardening, vulnerability scanning/remediation, firewall, penetration testing, Incident Response, Incident Handling, and reporting. Hands-on experience in evaluating and applying technical security controls to applications, servers, or network infrastructure. Experience performing vendor security assessment. Experience with various security management tools (Vulnerability Management, Configuration Management, SIEM, etc.)
- License/Certification/Registration: CISSP, SANS GSEC, CompTIA Security+, or CEH certification preferred.