empty

Information Security Analyst

Job Description

Posted on: 
November 24, 2024

Summary and company overview

Position Summary: The Information Security Analyst is a pivotal, hands-on role. This position is dedicated to ensuring the  integrity and security of all data across both on-premises and cloud-based applications. As an on-premises role, the analyst will be actively engaged in resolving technical issues from inception to resolution.  A strong technical /infrastructure background is required.  This is not a remote or hybrid position. We require onsite presence Monday to Thursday. Fridays are currently remote.

Responsibilities

  • Implement and maintain the Center for Internet Security (CIS) Controls framework to maintain robust security protocols and procedures.
  • Implement and manage security measures for information systems to prevent breaches, detect vulnerabilities, and manage risk.
  • Conduct regular system audits to ensure compliance with security standards.
  • Proficiency in AI and its application in data security and protection strategies
  • Collaborate with IT teams to integrate security practices into the development lifecycle.
  • Provide training and guidance to IT staff on cybersecurity best practices.
  • Stay abreast of the latest cybersecurity trends and technologies.
  • Assist with updating and reviewing SSP (System Security Plan)
  • Develop controls such as firewalls, business systems, data leakage protection systems, patching, encryption, vulnerability scanning, remediation as well as advises and implements configurations for a variety of security tools.
  • Evaluate, categorize, and remediate security events and vulnerabilities before they become security incidents.
  • Identify security gaps discovered through ongoing monitoring of all information security controls and propose enhancements to security controls and implement them fully.
  • Participates in cybersecurity projects to ensure that the delivery is on-time and adopted to meet the company's information protection requirements.
  • Maintain relationship with Managed Security Services Provider
  • Own vulnerability management with categorizing, evaluating risk and implementing the remediation steps to closure.
  • Patch management for servers and endpoints.
  • On call rotation for emergency related events due to outages, cyber events, etc.
  • This is a hands-on, technical role that requires a robust background in infrastructure technologies to assess and deploy solutions.

Job Requirements

Required Qualifications:

  • BA/BS degree relating to information technology, compliance, information management, infrastructure and/or information security and a minimum of 5 to 7 years' work experience.
  • Candidates must possess analytical skills, which evolved from training in Cybersecurity, Information Systems, Computer Science, helpdesk/infrastructure, or similar discipline.
  • Experience managing Rapid7.
  • Experience managing NextGen AV systems.
  • Hands on experience running AI models.
  • Experience with information security framework models such as CIS Framework, NIST, etc., implementing and auditing security measures, security response, and incident management.
  • Working knowledge of network switches, routers, firewalls and VPN, network security, administration of DLP, antivirus, antimalware, IDSIPS, SIEM, SMTP, Email security, AD, Group Policy, DNS, DHCP, and VLANs.
  • Knowledgeable in security best practices such as encryption, hashing, vulnerability scans, event log monitoring, intrusion detection and prevention, eDiscovery, and content filtering.
  • Ability to oversee, resolve, and consistently enhance the vulnerability management program.
  • Ability to propose and implement solutions for closing identified vulnerabilities.

Preferred Qualifications:

  • Knowledge of cloud providers' security (AWS, Google Cloud Platform, or Azure).
  • Prior experience managing EDR solutions.
  • Prior experience with SIEM, configuration management, hardening, and vulnerability scanning
  • Experience with identity access management systems (IAM)
  • Previous experience in a HIPAA and FDA regulated environment preferred.

Additional commentary

NA

Summary and company overview

Position Summary: The Information Security Analyst is a pivotal, hands-on role. This position is dedicated to ensuring the  integrity and security of all data across both on-premises and cloud-based applications. As an on-premises role, the analyst will be actively engaged in resolving technical issues from inception to resolution.  A strong technical /infrastructure background is required.  This is not a remote or hybrid position. We require onsite presence Monday to Thursday. Fridays are currently remote.

Apply now