Information Security Analyst

BLDG SVC 32 B-J
New York, NY

About The Position

Under the supervision of the Manager, Information Security, the Information Security Analyst is responsible for planning and carrying out security measures to protect the Funds’ computer networks, systems, and digital and physical technology assets. Performs assessments, and develops and implements information security policies, procedures, and guidelines. Works inter-departmentally to identify and correct flaws in the Funds’ security systems, solutions, and applications while recommending specific measures that can improve the Funds’ overall security posture.

Requirements

  • Minimum 4 years in Information Security, or IT OPS management and systems administration with at least 2 years specific to IT Security;
  • Strong knowledge of Information Security design, principles, and processes; experience in writing and maintaining information security policies, standards, and guidelines;
  • Demonstrated ability to monitor and audit network security systems such as Firewalls, IPS, SIEM, DLP, web proxy, NAC, and Vulnerability scanners;
  • Hands-on experience with mitigating security controls (i.e., anti-virus, IPS/IDS, DLP, web and network proxies, URL content filtering, multi-factor authentication, SSL VPNs);
  • Experience in incident response required; in-depth knowledge of Windows/Unix operating system forensics, event logging systems, authentication methods, remote and local web application security, penetration testing;
  • Advanced experience in networking (TCP/IP) protocols, DNS, LDAP, AD, DHCP, HTTP, Web browsers, Firewalls, and other computer/network security and system administration;
  • Familiar with regulatory compliance requirements (PCI, SOX, PII, HIPAA, etc.);
  • Strong knowledge of common security frameworks (ISO, NIST, etc.);
  • Experience in risk assessments and vulnerability management;
  • General knowledge of Endpoint protection solutions;
  • Knowledge of mainstream operating systems (Microsoft Windows, Linux, IOS) and a wide range of security technologies;
  • General knowledge of Database technologies and queries (Microsoft SQL, MySQL, Oracle, etc.);
  • Ability to independently identify, research and resolve issues with a minimal amount of supervision, and ability to work with peers in a team effort;
  • Detail oriented with excellent organization and analytical skills;
  • Ability to plan, take initiative to accomplish objectives in a timely fashion, and work independently;
  • Ability to prioritize work and meet deadlines;
  • Ability to establish and maintain effective working relationships with project team members, supervisors, and other employees.
  • Speak, read, write and understand English
  • High

Nice To Haves

  • CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), or CISA (Certified Information Systems Auditor) certification is highly preferred.

Responsibilities

  • Provide guidance and expertise in the field of risk management regarding the protection and security of digital assets in the cloud and on premise.
  • Design and develop Information Security Architectures to prevent unauthorized access to our information and data breaches.
  • Develop and implement information security policies and procedures; develop security guidelines and safe practices for Funds-wide computing and networking systems, and maintain the documentation.
  • Manage, maintain and monitor security technologies such as vulnerability scanning solutions, IDS/IPS, anti-virus technologies, DLP capabilities, SIEM technologies, host forensics and malware analysis, web application firewalls and proxy solutions.
  • Manage real-time threat detection technologies to identify and quarantine threats; monitor Endpoint Security Alerts and take corrective action.
  • Minimize security threats by examining governance, technology infrastructure, and facilities to identify security deficiencies using risk analysis, and follow up with a corrective action plan.
  • Monitor internal control systems to ensure appropriate access levels are maintained, protect against unauthorized system access, modification and destruction.
  • Review security related reports, logs and occurrences; escalate issues and initiate security response procedures.
  • Create and review vulnerability reports, track compliance with vulnerability management policies, and escalate.
  • Research and evaluate emerging technologies in support of security technology enhancements, propose technical solutions to management to address security weaknesses, and coordinate with relevant stakeholders to implement them.
  • Reviews, updates, and enforces data security practices within the organization; tests for exposures to ensure adherence to guidelines and procedures, and works with platform experts to implement remedial measures as appropriate.
  • Tests security controls and manages the associated remediation of any deficiencies as needed.
  • Assess security information, triage and respond to security events, identify false positives, and conduct correlation analysis across numerous internal and external data sources while prioritizing information security incidents.
  • Perform Project Management tasks for security initiatives/projects.
  • Manage incident-handling processes, which include implementation of containment, protection, and remediation activities.
  • Coordinates the handling and resolution of security incidents, to include system intrusions and abuse, and acts as a primary point of contact.
  • Develop responses to internal & external audits, penetration tests and vulnerability assessments.
  • Support Information Security training and awareness by providing ideas and content, assist HR with employee security awareness education and training.
  • Manage multiple priorities and deadlines concurrently.
  • Provide support after hours, on weekends and through on-call rotation.
  • Performs other duties as assigned