Job summary

The Information Security Analyst I monitors and responds to multiple security systems, dashboards, mailboxes and alerts. The Analyst utilizes experience and judgement to determine when a security event rises to the level of an incident and escalate as necessary to senior staff. The Analysts works with Information Security Analysts to learn company-specific tools (QRadar, Ensilo, Sophos, Umbrella, Barracuda web and email filters, Security Center, Tripwire, etc.).

essential Job Duties & responsibilities

• Assist with troubleshooting network and system issues with Information Security Engineers.
• Document technical procedures and user guides.
• Maintain server lifecycle documentation.
• Develop deep understanding of the knowledge and skills detailed by NIST below to pursue a career path in Advanced Information Security:
• Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
• Ensure that the application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.
• Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Implement specific cybersecurity countermeasures for systems and/or applications.
• Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system.
• Perform cybersecurity testing of developed applications and/or systems.
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
  • Plan and recommend modifications or adjustments based on exercise results or system environment.
  • Properly document all systems security implementation, operations, and maintenance activities and update as necessary.
• • Implement security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed.
  • Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
  • Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of installation, integration, and optimization of system components.
  • Knowledge of human-computer interaction principles.
  • Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
  • Assess and monitor cybersecurity related to system implementation and testing practices.
  • Verify minimum security requirements are in place for all applications.
• Perform ad hoc responsibilities, as needed.

essential competencies

• Bachelor’s degree in Computer Science or higher in related IT field or equivalent work experience.
• Minimum ten years of experience in Information Technology (Windows Desktop Support & Server Support).
• Possession of or pursuing security certifications (CISSP path preferred).
• Knowledge of TCP/IP and data protocols.
• Ability to prioritize and multitask.
• Deadline and detail-oriented.
• Troubleshooting and critical thinking skills.
• Excellent customer service skills.
• Ability to grasp new, complex tasks and generate insights based on experience and new knowledge.