Information Security Analyst

About The Position

Requirements

• Applies research, information gathering and analytical skills.
• Selects appropriate alternatives from defined options.
• Collects required documentation; verifies conformance of documents with standards.
• Assesses accuracy of detailed information.
• Tracks, maintains and produces regular and ad hoc reports.
• Handles detailed, structured problems.
• Identifies roadblocks to task completion and effectively brings them to management for resolution.
• Generally uses existing procedures to resolve standard problems.
• Works on assignments where judgment is required a majority of the time.
• Knowledgeable in security best practices and defense in depth strategies for multiple platforms (i.e. Linux/Unix, Windows, Mac).
• Knowledgeable in common cybersecurity threats, attacks, and TTPs.
• Knowledgeable in intrusion detection and investigations.
• Knowledgeable in incident handling and reporting.
• Knowledgeable in analyzing host-based and network logs.
• Knowledgeable in firewalls rules and configuration.
• Knowledgeable in public cloud computing platforms.
• Knowledgeable in standard cybersecurity frameworks and implementing security controls.
• Knowledgeable in privileged account management (PAM).
• Knowledgeable in vulnerability management.
• Knowledgeable in methods of data protection, types of encryption, and data loss prevention (DLP) solutions.
• Knowledgeable in identity and access management methodology.
• Knowledgeable in automation scripting languages (i.e. PowerShell, Python, Bash).
• Knowledgeable in security awareness training.
• Knowledgeable in endpoint protection solutions (EDR/XDR).
• Knowledgeable in multifactor authentication (MFA) technologies.
• Knowledgeable in email security gateway solutions.
• Good understanding of networking technologies.
• Contributes to cost- benefit analysis to justify investment in security controls to mitigate risks.
• Knowledge of the Globally Accepted Information Security Principles.
• Must possess strong verbal and written communication skills and be able to adapt to the level and nature of their audience.

Nice To Haves

• Undergraduate degree and 0-2 years relevant experience.
• Security certifications such as GCIH, GSEC, Security+
• 4-6 years of relevant experience or equivalent combination of education and work experience.

Responsibilities

• Defines and implements information security strategies and procedures.
• Works with engineering teams to define and refine information security and systems management policies and settings.
• Monitors and assesses vendor and 3rd party information security reports/lists.
• Evaluates new and emerging products, technologies and makes recommendations to leadership concerning introduction of new technologies.
• Coordinates, administers, manages and monitors the use of access control systems security tools and intrusion detection systems to identify anomalous events and security infractions that exploit system vulnerabilities.
• Integrates information security controls into an environment to identify risks and reduce their impact.
• Provides analysis of potential risk to information security and recommends solutions.
• Creates and maintains information security documentation.
• Communicates information security procedures to users.
• Reviews and recommends changes to information security policies, including STAAR Surgical IT use policies, Data Sensitivity and Personally Identifiable Information Security Policies and procedures.
• Knowledge of basic principles, methods, technologies and practices of a professional/technical field.
• Apply a basic understanding of the underlying principles of a professional discipline - typically obtained through formal study.
• General knowledge of procedures and activities within their own work area.
• Ability to relate actual day-to-day work to business priorities.
• Focused on learning the key aspects and duties of the job being performed.
• Oversees the activities of the assigned team within a functional area.
• Sets direction for the team and prioritizes workload.
• Ensures that organizational and process changes are implemented by the team.
• Brings team members together to resolve issues and achieve operational strategic goals.
• Performs other duties as assigned.