Information Security Analyst

Position Overview 
Regular Full-Time

The Information Security Analyst is responsible for assessing all information risks and facilitating remediation of identified vulnerabilities for the Information Security Office and IT risk across the enterprise. This highly analytical individual will be responsible for leading program maturity efforts and initiatives in collaboration with operations and engineering departments. 

Essential Functions  

• Investigate and identify patterns of continued technical security issues and weaknesses and design solutions to prevent future reoccurrences.   
• Conduct technical security training where appropriate to different lines of business and IT.  This may involve the transference of skills to others where a new information security process has been established.   
• Advise internal lines of business, IT partners, and 3rd parties on how to remediate technical security issues and verify remediation activities. 
• Responsible for in-depth technical security testing of company websites, infrastructure, and applications using a combination of automated & manual commercial/ open-source tools.   
• Responsible for Technical and Executive level reports on technical security issues.
• Design, document, and implement technical information security processes, procedures, guidelines, and solutions.
• Function as primary incident response handler directing IT and other departments during security incidents, including evidence preservation, corrective action, and preventive actions.
• Aid in the implementation, maintenance, and monitoring of the information security program into in-scope operational areas (gap analysis, risk assessment, third party assessments, procedure/specification development, execution of recurring procedures, incident response)
• Align with and support the execution of the Information Security Program vision and strategy
• Meet with project teams and other system architects to develop system designs and project plans that include the appropriate security controls and meet security standards
• Other related projects and duties as assigned  

Key Qualifications  

Total experience typically 5 years in an Information Security position with the following minimums: 

• Three years of application security testing  & vulnerability testing
• Two years of experience in secure software development
• Two years of hands-on Unix experience
• Two years of hands-on infrastructure security
• Understanding of emerging technologies in IT such as Cloud Platforms and Mobile as well as the associated security risks.
• Working knowledge of common information technology management frameworks such as ISO/IEC 27001, ITIL, COBIT, and NIST, as well as audit and SOC2 experience a huge plus. 

Preferred Qualifications  

One or more of the following certifications strongly preferred: 

• CEH (Certified Ethical Hacker) or equivalent web/application security testing qualification 
• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor) 
• IT/Security Vendor Certifications (e.g. Cisco, Microsoft, RSA)
• Forensic experience or certification (EnCE and ACE)
• GIAC/ GSEC (Global Information Assurance Certification – Security Expert)
• GIAC/ GCIA (Global Information Assurance Certification – Certified Intrusion Analyst)
• GIAC/ GCIH (Global Information Assurance Certification – Certified Incident Handler) 

Special Working Conditions  

• Sedentary: involves sitting most of the time but may involve walking or standing for brief periods. Occasionally may involve exerting up to 15 lbs. of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, or pull.