IT Security Analyst

About The Position

Requirements

• Bachelor’s degree in Computer Science, MIS, or a related field, or an equivalent combination of education and directly related experience
• 3+ years of hands‑on experience in information security analysis or security operations, including basic malware analysis and Windows server administration
• Practical experience with SIEM monitoring, vulnerability management, and familiarity with patching solutions
• Ability to identify and understand common threats, attacks, and vulnerabilities, including malware, social engineering, and application‑based attacks
• Knowledge of cloud identity and access management security
• Creative, “think‑outside‑the‑box” mindset with the ability to explain security concepts to non‑technical audiences
• Collaborative, socially adept communication skills with strong stakeholder engagement abilities, needed for effective partnerships with IT teams, business units, and leadership
• Working knowledge of IT security architecture and design such as Data Loss Prevention (DLP), Security Information & Event Management (SIEM), multi-factor authentication, cloud computing, mobile device security, etc.
• Enterprise applications, desktop security management and network management
• Structured Query Language (SQL)
• Related industry, organizational and departmental policies, practices, and procedures; legal guidelines, ordinances, and laws;
• Product documentation including technical requirements, product workflows and product instruction manuals;
• Statements of work for IT Security related projects/products;
• RFP, legal contracts for technology purchases; understand purchasing operational procedures;
• Technical Reference materials (i.e. Gartner)
• Real-time alerts including administrative changes, network lockouts, malware, and shared folder outbreaks;
• Preparing and maintain reports (ie. Daily network events, malware, administrative summary, foreign IP and lockout, Ad-hoc, and month-end)
• Build strong relationships both internally and externally;
• Strong communication skills, both verbal and written;
• Ability to handle confidential information with discretion;
• Ability to analyze large volumes of information from multiple sources in order to draw conclusions regarding suspicious patterns and create procedures needed for increased user productivity;
• Ability to use Microsoft Office Suite (Excel, Word, PowerPoint, etc.) and use standard office equipment (telephone, computer, copier, etc.)

Nice To Haves

• Preferred certifications or willingness to obtain: CISSP, GCIH, GREM, CCNP, CompTIA Security+, CompTIA CySA+, Cisco SecureX, or other relevant industry credentials

Responsibilities

• Investigate malware issues, determine severity, and recommend mitigation; follow up to ensure resolution;
• Respond and assist with initial incident assessments, damages, recovering services; post incident information and analysis;
• Serve as a technical lead or Subject Matter Expert (SME) on IT sponsored projects;
• Provide active participation in information security architecture design;
• Monitor security events at the network, application, database and operating systems level to identify potential security incidents;
• Identify weaknesses in OUC’s security posture that could result in unauthorized access to sensitive data; participate in building remediation plans that minimize risk to sensitive data and build a defensive security posture;
• Provide escalated security tool administration;
• Perform all provisioning and modifications of user access to all major OUC IT assets including network and major applications;
• Conduct Security Awareness training for other Business Units; train users on how to maintain OUC’s security as well as their own;
• Train IT support technicians on first and second level response access related issues for supported applications, payment issues, personal and corporate device provisioning, and website issue management;
• Provide access control third level support to the ITSC on enterprise applications(i.e. EnterpriseOne);
• Serve as primary Security contact for all IT-related Request for Proposals (RFPs) and contracts across all business units, including Purchasing and Legal departments;
• Review and modify RFPs to include IT Security standards and policies; including the creation of additional attachments
• Work with Legal department attorneys to review RFP and contract wording; explain technical and security concepts;
• Complete IT Contract review document for Legal for all IT Security purchases;
• Review Hosted Vendor Solution Questionnaire required for any service that processes or host OUC data; works with responding vendors on any outstanding questions or concerns;
• Work on various projects to configure and implement and test security tools;
• Asses risk for new and existing technology. Researches, plans, and tests mitigations for risk management;
• Monitor security events at the network, server, application, and database;
• Perform other duties as assigned.

Benefits

• Competitive compensation
• Low-cost medical, dental, and vision benefits and paid life insurance premiums with no probationary period.
• OUC’s Hybrid Retirement Program includes a fully-funded cash balance account, defined contribution with employer matching along with a health reimbursement account
• Generous paid vacation, holidays, and sick time
• Paid parental leave
• Educational Assistance Program, to include tuition reimbursement, paid memberships in professional associations, paid conference and training opportunities
• Wellness incentives and free access to all on-site OUC fitness facilities
• Access to family-oriented recreational areas
• Paid Conference and Training Opportunities