Information Technology Security Analyst

Job Summary

Under the supervision of the Director of Cyber Security, the Information Security Analyst will be involved in defining security strategy, policy, solving security challenges, and leading initiatives to improve the organization’s security posture.  Key activities will be to conduct risk assessments, monitor security technologies and events, manage security incidents, provide incident response, and stay up to date with the latest security trends and technologies.  Provides input and recommendations to the Director of Cyber Security to be considered in Information Technology strategic planning, security operations, procurement, and resource allocation. This position also provides security awareness programs and support to the organization.

The incumbent must possess a detailed knowledge of security standards and best practices, processes, policies, and tools.  The incumbent must possess an in-depth knowledge of organizational issues regarding system security and user access. This position will require the ability to incorporate security functions into system design and configuration. An ability to implement organizational processes and procedures; and analyze information and formulate proposals for improvement or resolution is required. Knowledge of multiple platforms, operating systems, networks and firewalls is required. The incumbent must be able to maintain effective working relationships with staff, management, and vendors. In addition, the ability to communicate effectively in verbal and written form is required.

Essential Functions

• Research, recommend, and assist in the implementation of cyber security solutions for organization systems and products that comply with all applicable security policies and standards.
• Works with IT, internal and external business partners to ensure that security is factored in the evaluation, selection, installation and configuration process of hardware and software.
• Analyzes and makes recommendations to improve network, system and application architectures.
• Examines network, server, and application logs to determine trends and identify security incidents.
• Participates in developing, implementing, maintaining, and overseeing enforcement of policies, procedures, standards, playbooks and associated plans for system security administration and user system access based on industry-standard best practices.
• Monitors and reports on compliance with established security policy and procedure.
• Conducts periodic security audits, firewall and IPS policy reviews.
• Assists in responding to audits, penetration tests, vulnerability assessments, and evaluating security controls of third-party vendors, including SOC 2 reviews to ensure the organization's infrastructure is secure and compliant.
• Serve as advisor to the Information Technology management team and to the Director of Cyber Security in governance processes of TRS security strategies.
• Assists the security and networking teams in security environment support including MS Windows servers and workstations, VMware environment, network infrastructure, firewall(s) and security appliances, phone system, tape libraries, SAN, and other environments; supports security aspects of server application environments including e-mail, SQL databases, file/print services, imaging, desktop and print environment.

Essential Functions (Continued)

• Assists in strategic security planning to achieve business goals by recommending the prioritization of initiatives and coordinating the evaluation, deployment, and management of current and future security technologies.
• Meets with all levels of management and employees to provide technical expertise; participates in disaster recovery and business continuity planning. Assists in the evaluation of security software and hardware systems to ensure reasonable risk is addressed.
• Assists Director of Cyber Security in developing and communicating security strategies and plans to Information Technology Management team, external staff, partners, and stakeholders.
• Participates in the development and evaluation of security performance criteria and measurement methods.
• Monitor security events to detect and investigate potential security breaches, exfiltration, data security or threats; includes intrusion prevention system alerts. phishing, staff reported incidents, malware, ransomware, and viruses.

Essential Function (Continued)

•  
• Research latest security threats, trends, breaches, incidents and methods for impact and risk to organization, utilizing open source and internal threat intelligence sources
• Member of the Incident Response Team; Leads and coordinates activities adhering to the incident response plan.
• Plans and deploys Security Awareness program, including phishing training, for all staff.
• Operates and maintains the Security Information and Event Management system, creating new ingestions, dashboards, and alerts.  Assists and provides support to other departments that also leverages the SIEM.
• Assists the Director of Cyber Security in the operation and implementation of the Data Classification system, to support policy and standards.
• Works with IT groups to facilitate and coordinate adoption of new technologies, standards and technology security. Researches and recommends new technology that focus on mitigating or reducing risk to the organization.
• Available to respond to security alerts or incidents of unauthorized access, intrusion attempts or breach of security at any time (24 hours a day, seven days a week) or to provide assistance, as needed.
• Performs other related duties as assigned.

Knowledge, Skills, and Abilities

• Ability to analyze and interpret data.                                                                                                
• Seeks to acquire knowledge in area of specialty.                                                                                          
• Demonstrated ability to maintain confidential information.                                                                      
• Demonstrated written and verbal communication skills.          
• Possess strong technical aptitude.

Minimum Requirements

• Bachelor’s degree in computer science, Information Technology, or a related technical field or: An Associate degree in Computer Science or related technical field plus 2 years of relevant work experience.
• Three to five years’ experience directly related to Information Security, supplemental to educational resources listed above
• Ability to maintain confidentiality and work with sensitive information.
• Technical expertise in network security knowledge, to include VPN, firewall, network monitoring, intrusion detection, web server security, wireless security, cloud, and the Internet of Things (IoT)
• Core knowledge of networking fundamentals (TCP/IP, Network Layers, Protocols, etc.)
• Practical experience with database security, content filtering, vulnerability scanning and anti-malware, data classification/data loss prevention.
• A commitment to delivering high-quality, prompt, and efficient service to the business.
• Knowledge of common vulnerabilities and exploitation techniques
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions; evaluate risk, likelihood, and impact to assess course of action.
• Strong problem-solving and trouble-shooting skills.
• A commitment to continuous learning to stay abreast of the ever-changing cyber landscape.

Preferred Qualifications

• Experience working in public sector (Pension and Retirement funds, Securities, Financial Services, and Investments a plus)
• Working knowledge of 3rd party compliance/frameworks such as NIST CSF, ISO27001, CIS Critical Controls
• Practical experience with data classification and data loss prevention.
• Proficiency with at least one scripting language (e.g. Python, PowerShell)
• Knowledge of and experience with security software such as CrowdStrike, Fortinet solutions, Elastic SIEM, Tenable
• Linux experience desirable
• One or more security certifications such as: CompTIA Security+, CCSP, GIAC, GSEC