Sr Information Security Analyst

About The Position

Requirements

• Understanding of information security concepts and domains.
• Experience administering Windows and Linux servers or network systems (Arista, Cisco, HP).
• Understanding and/or experience with the following security technologies, firewalls (Fortinet), web application firewalls, IDS/IPS, e-mail encryption gateways, vulnerability scanning tools, forensics tools.
• Exposure to log/packet capturing & decoding of various attack signatures, such as recognizing SQL injections, cross-site scripting attacks, etc.
• Experience collaborating with vendors to implement security-related projects.
• Strong understanding of Microsoft Active Directory access rights, user access provisioning, SQL access and Operating System security.
• Working knowledge of Microsoft Azure, M365 cloud security, and InTune.
• Exposure to log/packet capturing & decoding of various attack signatures, such as recognizing SQL injections, cross-site scripting attacks, etc.
• Ethernet, TCP/IP, DHCP, DNS, Active Directory and enterprise level backup software.
• Experience with SIEM systems such as SumoLogic or Splunk.
• Effective verbal and written communications, including documenting activities, drafting reports, and presentation skills for findings and recommendations.
• Clear understanding of the English language (spoken and written)
• Customer service skills
• Time management skills
• Project planning and execution skills
• Detail-oriented
• Critical thinking, judgment and problem-solving skills
• Ability to actively listen and learn.
• Ability to work both independently and with others at all levels.
• Ability to communicate with Supervisors and Co-workers respectfully
• Ability to effectively deal with unpleasant, angry or discourteous people
• Minimum of six years of applicable security and system administration experience
• Bachelors in computer science or equivalent required. Security Certifications preferred from GIAC, ISC2, CompTIA such as CISSP, SSCP, CCSP, GCIH, CEH, etc.
• Microsoft Cloud Certifications such as Microsoft Certified: Azure Security Engineer Associate Microsoft Certified: Cybersecurity Architect Expert

Nice To Haves

• Automating security activities and data analysis via system automation scripting and data management (Python, PERL, PowerShell)
• Security-related MS SQL database administration
• Penetration Test experience

Responsibilities

• Responsible for the selection, design, configuration, administration, and monitoring of security controls, including maintaining reliability, performance, and availability of the systems.
• Contributes to IT and Information Security risk assessment documentation using an understanding of IT and Information Security risks and controls.
• Participates in research and development of security technologies that will assess/monitor/reduce vulnerabilities for the enterprise.
• Responsible for automating security activities and data analysis via system automation scripting and data management (Python, PowerShell).
• Responsible for documenting work activities in activity logs, periodic reports, problem management systems, change management systems, project tracking systems, and other similar systems.
• Responsible for documenting system design and configuration information.
• Documentation must be factually accurate and conform to business writing standards with minimal spelling, grammatical, or syntactical errors.
• Responsible for following Change Management procedures and minimize disruption to production systems by exercising good judgment and due care.
• When scheduled for on-call duty, responsible for all end-user support after hours, and ensuring that response times and service levels are within the guidelines established by management. Bank Security personnel must ensure that cell phones are on and available in the event of end-user support call or outage alert via text message. Bank Security personnel may be expected to be available to respond to critical situations, even if not scheduled for on-call duty.
• Complies with all State and Federal Banking regulatory requirements, including but not limited to: BSA, Anti-Money Laundering OFAC, CIP, Financial Elder Abuse Reporting, Sexual Harassment, Information Security and privacy requirements. This position will elevate suspicious activity to supervisory staff and/or BSA department. Completes compliance and other technical training workshops as assigned.