Senior Security Analyst

About The Position

Requirements

• Bachelor’s Degree – Computer Science: Required
• 4 years of technical security experience.
• 4 years security detection techniques, event analysis and logic development.
• 5 years of IT operations experience.
• General knowledge of virus protection, penetration testing and communications security.
• Virus protection, penetration testing, security awareness and other information security concepts.
• Ability to communicate effectively with all levels of employees and outside contacts.
• Leveraging knowledge of the Cyber Kill Chain Framework and working familiarity of the MITRE ATT&CK Framework
• Having knowledge of malware analysis, Threat Hunting, Detection Engineering and reverse engineering

Nice To Haves

• Information Security, Digital Forensics Incident Response (DFIR), and penetration testing training and related certifications are desired but are not a requirement. Example CISSP, GIAC, Microsoft Certified Systems Administrator: Security

Responsibilities

• Administer critical security systems including but not limited to data loss prevention, network access controls, and intrusion prevention/detection.
• Acquire and maintain knowledge of rules and regulations to ensure compliance for all IT policies and applicable regulations.
• Provide input for network configurations, upgrades, performance, and disaster recovery to quickly resolve any situation in which data integrity issues, security vulnerabilities, or system interruptions may occur.
• Perform intrusion detection and response on all nodes on the network to ensure data integrity and protect the intellectual assets of the credit union through mitigation strategies and remediation activities.
• Work closely with the IT team to ensure systems updates and security patches are deployed consistent and effectively on all applicable systems.
• Maintain and verify software and vendor licenses for legal use and compliance in order to avoid interruptions to team member usage of software/hardware.
• Assist with the administration of the Comprehensive Information Security Program to ensure data integrity and protect the intellectual assets of the credit union.
• Prepare departmental procedures and documentation to track all changes made to network nodes while supporting controls and security initiatives.
• Plans, coordinates, and implements security measures for information systems to regulate access to computer data files and prevent unauthorized modification, intrusion, destruction, or disclosure of information.
• Trains users and promotes security awareness to ensure system security and to improve server and network efficiency
• Monitors current reports of computer viruses and intrusion detection to determine when to update virus protection or intrusion protection systems
• Documents computer security and emergency measures policies, procedures, and tests
• Confers with users to discuss issues such as computer data access needs, security violations, and programming changes
• Stay updated and educated on relevant and emerging threats such as malware or phishing campaigns, attack vectors, indicators of compromise, vulnerabilities, and current events
• Maintain a high quality of service for the Member Center Information technology systems with proactive system management.
• Assess, report, and communicate on threats, vulnerabilities and risks, recommending appropriate remedial actions for the impacted technologies, business units or departments
• Collaborate, brainstorm and develop solutions to better enhance the Cybersecurity program.
• Properly document issues and provide timely updates to the IT team on open issues/vulnerabilities and opportunities to create efficiencies.
• Coordinates the Information Security portion of external audits.
• Responsible for the maintenance of security risk assessments.
• Ensures adherence to the National Institute of Standards and Technology framework, and internal Security Program that ensures the integrity and confidentiality of 1st Advantage. These standards will relate to, but not limited to, anti-virus, physical security, and business continuity.
• Ensures the smooth running of the vulnerability scanning solution and engages with system owners on system patching.
• Continue to stay current on IT security trends and news and communicate with team members and managers
• Research, evaluate, document, and discuss findings with the IT teams and management
• Review various findings to provide recommendations to deliver security fixes and improvements
• Ensure enforcement of acceptable use policies and security guidelines