IT Security Analyst

Overview

Our client is looking for an IT Security Analyst to monitor security alerts, perform vulnerability assessments, and implement security protocols and processes to safeguard against possible threats. This individual will determine and mitigate security risks, take part in incident response activities, and ensure compliance with security policies and regulations. A significant portion of the role will focus on data security and cloud security to protect sensitive information and ensure the integrity of cloud-based and on-premises systems.

Responsibilities

• Monitor security alerts and respond to incidents promptly.
• Stay current with the latest security trends and technologies.
• Perform vulnerability assessments and suggest mitigation strategies as they are discovered or disclosed by vendors or third parties.
• Assist in evaluating infrastructure, training, procedures, and policies to identify areas that may not support the desired risk levels for the data held.
• Support the implementation and maintenance of security measures and systems.
• Implement and oversee data security measures to safeguard sensitive information from unauthorized access, disclosure, alteration, and destruction.
• Ensure the security of cloud-based systems by implementing best practices for cloud security, monitoring cloud environments, and responding to cloud security incidents.
• Ensure the security of on-premises systems by implementing best practices for on-premises security.
• Participate in research initiatives on solutions that can help mitigate undue risk to data, report findings, and develop suggested solutions.
• Provide tier-three support for security-specific solutions including anti-malware, intrusion detection/prevention, auditing/testing, incident response, and cryptography systems.
• Create and maintain assessment systems for measuring compliance with company policies, procedures, security training programs, technical infrastructure, third-party partner SLAs and agreements, applications, and development efforts against compliance baselines.
• Collaborate closely with the IT Security and Compliance Program Committee to determine compliance baselines from security frameworks such as NIST 800-53, legislative requirements, and corporate objectives.
• Offer guidance and security policy interpretation for managing risk on Windows servers and desktops, Linux systems, cloud systems, data stores, perimeter networks, virtual private networks, and email communications.
• Collaborate with business unit leaders and senior IT team members to identify the risk value of company data and the required business operations that work with the data.
• Provide escalation for on-call security support to end-users following the established IT cybersecurity incident playbook.
  
  

Key Focus Areas

• Strong focus on AWS Security.
• Experience securing CI/CD Pipelines, particularly with GitLab.
• Application Security experience, including familiarity with common application vulnerability assessment tools such as:
• SAST (Static Application Security Testing)
• DAST (Dynamic Application Security Testing)
• Secrets Detection
• API Security (Preferred, not necessary).
• Data Governance, with familiarity in Purview for Data Loss Prevention use cases (preferred but not necessary). Familiarity with Collibra (preferred, not necessary) is a bonus as it is a Data Governance/Enterprise tool we may procure.
• Experience with SIEMs (Security Information and Event Monitoring) is preferred, especially with Rapid7, though familiarity with other SIEMs will suffice.
  

Qualifications

• Bachelor’s degree in computer science or information security, plus one to three years of relevant information systems experience with a strong focus on security, or a combination of education, certification, and experience from which comparable knowledge and skills are acquired.
• Basic understanding of cybersecurity concepts and principles, including data and cloud security.
• Knowledge of security tools and technologies.
• Systems Security Certified Practitioner (SSCP) certification or ability to obtain within the first year. Additional certifications such as Certified Cloud Security Professional (CCSP), AWS Certified Security – Specialty, and Certified Data Privacy Solutions Engineer (CDPSE) are highly desirable.
• Ability to conduct detailed research and evaluation of security issues and products as required.
• Strong analytical thinking and problem-solving skills.
• Strong interpersonal and communication skills, including verbal and written.
• Strong organizational skills.