Information Security Analyst

Fortune 150 Utilities Client - Hybrid in Uptown Charlotte

Brooksource is searching for an associate-level Identity and Access Management Analyst for one of our leading utility partners located in Charlotte, NC. This is the ideal opportunity for a candidate with minimal experience to quickly make a tangible impact with their Identity & Access security team.

The IAM Analyst maintains and troubleshoots Identity and Access Management technology capabilities. This Analyst is responsible for managing technical security solutions to ensure the security and resilience of systems and assets, consistent with related policies, standards, and procedures. Additionally, they will implement the appropriate technical safeguards to ensure the delivery of critical infrastructure services. To achieve this goal, the Information Security Analyst tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware, software, and documentation required to effectively manage cybersecurity resources utilized to achieve information security architecture goals.

Daily you will:

Process: Assist with the identification and documentation of asset vulnerabilities. Gather threat and vulnerability information from information sharing forums and sources. Provide key management for data security (encryption) activities. Provide technical assistance to business/process owner implementing audit log records to meet security objectives. Provide technical assistance to the configuration of information system implementation of the principle of least functionality. Protect communications and control networks. Establish and manage a baseline of network operations and expected data flows for users and systems. Administer and operate cybersecurity tools within scope of responsibility (i.e.; configuration manager, file integrity monitor, vulnerability scanner, intrusion detection, network diagnostics, firewall analyzer, data loss prevention, audit logging, etc.) to include installation, configuration, maintenance, backup and restoration

• Risk Assessment: Implement protections against data leaks. Use integrity checking mechanisms to verify software, firmware, and information integrity. Implement tasks under the enterprise vulnerability management plan. Aid with the establishment of incident alert thresholds. Aid information system owners with the mitigation of vulnerabilities and incidents.
• Quality Improvement: Test and evaluate new cybersecurity applications, rules/signatures, access controls, and configurations of platforms managed by service provider(s). Identify potential conflicts with implementation of cybersecurity tools within the enterprise information system architecture and information security architecture. Assist in identifying, prioritizing, and coordinating the protection of critical infrastructure and key resources.
• Communication: Share effectiveness of protection technologies with appropriate parties.
• Collaboration: Coordinate with network and system engineers to assist with the management of operational tools with secondary cybersecurity functions (i.e.; network policy manager, proxies, identity and access management, denial of service protection, etc.).

Skillset:

• 1-2 years of relevant professional experience
• Basic knowledge of system and application security threats and vulnerabilities (buffer, overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
• Data backups and types of backups
• Knowledge of host and network access control mechanisms, Intrusion Detection System tools and applications, & incident response and handling methodologies.
• Knowledge of information assurance principles and organizational requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data.
• Basic knowledge of how traffic flows across the network (TCP/IP), and network protocols (TCP/IP, DHCP, DNS), and Virtual Private network (VPN) security.
• Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities
• Basic skill in: applying host/network access controls, tuning sensors, using incident handling methodologies, using VPN devices and encryption, security network communications, protecting a network against malware.

Qualities of a Top Candidate:

• (Top characteristic): Strong communicator who can come in at the associate level to learn and energize senior team members with new ideas and creative solutions. Ability to eagerly seize responsibility, ownership, and initiative for assigned tasks.
• (Can't miss quality): Ability to embody poise, presence, and personal integrity expected of an industry professional
• (Technical skills): Microsoft Technology Associate - Security Fundamentals or CompTIA Security