Information Security Systems Analyst

INB, N.A. | Springfield, IL
10h | $60,000 - $75,000 | Onsite

About The Position

Please note: This is an in-office position located in Springfield, Illinois.

About Us: At INB, your career is more than a job; it’s a chance to make a difference. As a locally owned, community-focused bank, we help individuals and businesses reach their financial goals through personalized service and trusted relationships. Our team is built on care, creativity, teamwork, balance, smart work, and enthusiasm. Join us and be part of a purpose-driven culture that makes a positive impact every day.

Job Summary: The Information Security Systems Analyst safeguards organizational assets by managing information security systems. This role oversees email security, web security, endpoint security, log management and oversight of managed SOC services, vulnerability management, data loss prevention, user behavior monitoring system, and privileged access management systems. This role is also responsible for responding to alerts and reports generated by these systems and supporting incident response. Strong analytical, communication, and problem-solving skills are essential. This position works closely with IT, Risk, Audit, and third-party vendors to ensure security controls operate effectively.

Requirements

  • Bachelor’s degree in Information Security, Cyber Security, or a related field, or equivalent work experience
  • Experience in Microsoft Office Suite and Visio
  • Analytical/attention to detail
  • Excellent problem-solving skills and the ability to work both independently and as part of a team.
  • Strong communication skills, with the ability to convey complex security concepts to non-technical stakeholders.

Nice To Haves

  • Previous banking experience preferred but not required
  • Project management skills preferred but not required
  • Familiarity with regulatory compliance
  • Experience with hybrid cloud environments
  • Understanding of NIST frameworks (NIST 800-53, NIST CSF)
  • Understanding of regulatory compliance such as GLBA, PCI, and HIPAA
  • Direct involvement with the following technical solutions: DLP, EDR, SIEM, Email Security Gateway, Programming/Scripting Language (Python, C#, JavaScript, PowerShell)
  • Industry recognized certifications (CompTIA, GIAC, and ISC)
  • Demonstrates ownership and accountability, proactively identifying and addressing risks before they escalate
  • Anticipates and responds to the needs of internal and external customers
  • Stays informed of emerging technologies, best practices, and regulatory changes; devotes time to professional development
  • Upholds ethical standards, owns mistakes, and communicates status and challenges openly
  • Responds swiftly to critical situations, demonstrating agility and a solution-driven mindset
  • Provides timely, jargon-free updates to stakeholders and non-technical colleagues
  • Fosters creativity and continuous improvement

Responsibilities

  • Operational Security Monitoring: Continuously monitor security operations to identify and address potential threats and verify effective controls operation.
  • Email Security: Uses industry best practices and standards to facilitate good email hygiene while adapting security controls to limit the risk posed by email-based attacks and data loss. Capable of taking actions to identify and mitigate email-based threats.
  • Web Security: Ability to identify and adjust to the changing threat landscape and to work with the infrastructure team to ensure network border protection.
  • Endpoint Security: Knowledgeable about host-based attacks. Will identify and respond to hosts that indicate potential threats as well as hosts that are out of compliance.
  • Log Management: Oversees the ingestion of logs for various resources and identifies shortcomings in log aggregation including storage duration. Log storage must comply with policy and regulatory requirements. Identifies usability and shortcomings when evaluating log sources and log parsing.
  • Managed SOC Oversight: Can act as point of contact for various MDR/MTR third-party vendors. Primary escalation point for both identified threats and administrative issues.
  • Vulnerability Management: Administration of the Vulnerability Management platform. Leads the weekly Vulnerability Management collaboration meeting with other groups as needed. Is responsible for maintaining and documenting mitigations including remediation, risk acceptance, and recasts.
  • Data Loss Prevention: Understanding of protected information and the risk posed when the confidentiality of protected information is undermined. Will work directly with DLP tools both as an administrator and as a primary escalation point for any discoveries.
  • User Behavior Monitoring: Understanding of user behavior indicators of compromise and how/when to take appropriate actions. Recognizes basic and common situations that may indicate suspicious behavior and conducts additional investigation when warranted. Understanding of User and Entity Behavior Analytics (UEBA) tools considered a plus.
  • Privileged Access Management: Acts as checks and balances for existing access controls. Capable of escalating situations as identified. Capable of identifying shortcomings in the existing access control to better harden user and system privileges. Emphasis on vendor access. Lives by the ‘Principle of Least Privilege’; identifies and helps to eliminate situations where least privilege is impaired.
  • Management Reporting: Assist in preparation of monthly management reports
  • Other Projects as Assigned

Benefits

  • INB provides health, dental, vision, and life insurance benefits to all full-time employees. Coverage is also extended to their eligible dependents. Active employees make premium contributions based on plan selections.