Cyber Security Analyst

Position: Cyber Security Analyst

Location: Tulsa, OK, United States (On-site)

Type: 6 Months

SUMMARY

Monitor security systems and events to assess, detect, analyze, and investigate threats. Work regularly to enhance current solutions to improve security posture. Communicate technical security requirements, install security measures, and recommend raising the level of security awareness. Participate in all cybersecurity incidents providing analysis and documentation.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Includes the following:

• Must be available 24x7 for cyber incident response support – we will find out more about this need but for now just make sure candidates understand they need to be flexible and will sometimes be on call.
• Fulfillment of responsibilities must be performed with little to no supervision
• Required to be in-office locations on a full-time basis
• Responsible for logging, tracking, documenting and resolving all cyber incidents in the designated solution
• Support security policies and standards
• Develops, monitors and evaluates access control security standards.
• Designs and implements security controls designed to detect and protect against cyber-attacks and other persistent threats.
• Monitors and analyzes potential infrastructure security events to determine if event qualifies as a legitimate security incident.
• Investigates legitimate security incidents and submits findings following forensic guidelines to preserve evidence for potential legal action; recommends prevention solutions to IT security engineering and/or incident response.
• Performs regular network monitoring and intrusion detection analysis using various Computer Network Defense tools, such as Intrusion Detection/Prevention Systems, Firewalls, SIEM, NAC, and Vulnerability Management tools.
• Performs coordination and weekly updates to cybersecurity risks (risk register) including driving risks to closure with IT security engineering and other internal/external resources.
• Assures all basic cybersecurity requests/incident tickets are closed in a timely manner and assigned changes, enhancements, and other ticket creation requests are submitted with all required data.
• Conducts interviews with end users involved with a security incident.
• Assists in conducting security testing, verification, and risk analysis of the company’s network and systems.
• Analyzes and reports patching status of OS and Applications and works directly with applicable teams for remediation.
• Assists in the creation and deployment of regular user training articles, phishing campaigns, and Cybersecurity Awareness campaigns.
• Collaborates with team to ensure all cybersecurity policies and procedures are regularly updated and maintained including upgrades to latest PCI and NIST standards.
• Participates in knowledge sharing to develop solutions efficiently.
• Provides project support as assigned
• Performs other job-related duties as assigned.

SUPERVISORY/MANAGEMENT AUTHORITY

No supervisory/management authority.

EDUCATION AND EXPERIENCE

Bachelor’s degree in computer science, information systems, or other related field, and 4 to 6 years of cybersecurity experience or an equivalent combination of education and experience. Four (4) years of information technology experience managing security solutions with a business network and Active Directory, mitigating viruses, malware, and spam, and/or reporting on vulnerability and risk via Qualys required.

Certified Ethical Hacker (CEH) and/or Certified Information Systems Security Professional (CISSP) certifications preferred.

KNOWLEDGE, SKILLS AND ABILITIES

• 3 years of experience in cybersecurity and common security tools/platforms
• 3 years of advanced administration and troubleshooting of O365 and associated services
• Extensive experience in cybersecurity analysis, incident response, and documentation
• Proficiency in conducting security assessments, vulnerability testing, review of technology solutions with experience in documenting findings and recommendations
• Excellent analytical and problem-solving skills, with the ability to assess complex security challenges and develop effective solutions, with expertise in documenting incident response activities and outcomes
• Working knowledge of NIST Cybersecurity Framework and CIS Critical Security Controls.
• Advanced knowledge of information security and network technologies and concepts
• Advanced knowledge of firewalls, proxies, SIEM, antivirus, and IDPS concepts
• Ability to design, build, and maintain information security systems
• Ability to pro-actively identify, track, and resolve system vulnerabilities
• Proven experience with multiple platforms from Mac, Windows, iOS, Android, preferred
• Strong communication, organizational, presentation and documentation skills
• Have a can-do attitude and demonstrate a passion for new technology and learning
• Ability to maintain confidentiality and exercise discretion
• Strong initiative, integrity, self-motivated and have great attention to detail
• Excellent communicator whether it is face-to-face, written or oral communication

WORK ENVIRONMENT

Work is primarily performed in a climate-controlled office-setting. Work may require travel, including overnight stays. Work will require varied shifts including, weekends and holidays, as needed (on call).