Information Security Analyst (1-Year Contract)

About The Position

Requirements

• Requires a graduate degree with 3 to 5 years of experience in information security or a related field, with specific experience in areas such as incident response, vulnerability management, or security operations.
• Proficient in various security technologies and tools, such as firewalls, intrusion detection/prevention systems, SIEM (Security Information and Event Management) systems, and antivirus software.
• Knowledgeable about networking protocols and operating systems.
• Extensive working knowledge of information security, vulnerabilities, and threats.
• Expertise in information security best practices, tools, and techniques, including encryption methods.
• Familiarity with relevant security and privacy legislation.
• Understanding of the software development lifecycle.
• Proven communication, presentation, and negotiation skills, with the ability to convey complex information to various audiences.
• Excellent judgment and strong decision-making skills. Critical thinking abilities. Detail-oriented approach to work.

Nice To Haves

• Relevant certifications, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or CompTIA Security+ preferred.

Responsibilities

• Monitoring Security Systems: Continuously monitor various security systems, including firewalls, intrusion detection systems, antivirus software, and others, to promptly detect and respond to any security incidents.
• Security Incident Response: Take the lead in investigating security breaches and incidents, pinpointing their root causes, and developing strategies to prevent similar occurrences in the future. Collaborate closely with IT and business teams to ensure coordinated and effective response efforts.
• Vulnerability Management: Identify and assess vulnerabilities present in systems and networks, collaborating with technical teams to mitigate risks through patch management and configuration changes. Thoroughly document findings and facilitate clear communication across teams to promptly address security weaknesses.
• Security Policy Enforcement: Ensure the enforcement of robust security controls, policies, and procedures throughout the organization, guaranteeing compliance with relevant regulations, standards, and best practices.
• Security Awareness Training: Develop and implement security awareness training programs aimed at educating employees on the best practices for maintaining information security, fostering a culture of security consciousness within the organization.
• Security Risk and Vendor Assessments: Conduct comprehensive assessments of security risks and evaluate third-party vendor security measures to gauge the effectiveness of existing security controls and identify areas for enhancement.
• Security Tool Evaluation: Assess and evaluate the suitability of new security tools and technologies to bolster the organization's overall security posture, ensuring that chosen solutions align with the organization's security objectives and requirements.