Security Operations Analyst
Job Description:
The Security Operations analyst job role requires a very motivated goal driven individual with strong interpersonal, communication and organizational skills. Must be detail oriented, with a strong work ethic, able to work with minimal supervision. The role also requires an individual who will act as a security liaison with groups within and outside of the organization's IT. The Security Analyst’s primary job role is to reduce risk to JobTarget Information Systems, Platforms and Applications through the understanding and the adherence to a risk management framework and to provide governance through the drafting and socialization of security standards, guidelines, policies, and procedures.
What We Can Offer
- 20 Paid Time Off with 5 convertible to cash at the end of the year
- HMO with 1 free dependent
- Group Life and Accident Insurance
- Other exciting monetary allowances
- Great team, culture, and environment and tons of opportunity for career growth
Work Schedule: Day/Night
Work Type: Remote / Office-Based / Both
Position To Fill: One
What You'll Do
Reducing risk through governance and education:
- Responsible for being the Subject Matter Expert (SME) for Information Security Incident Response Actions, ensuring incidents are properly triaged, addressed, tracked, and closed.
- Create Incident Response Playbooks and help in developing Standard Operating Procedures (SOP).
- Responsible for performing internal and external security assessments/testing to validate the effectiveness of current security infrastructure using commonly available security assessment tools and make recommendations to remediate identified risks or vulnerabilities.
- Responsible for review and audit of assets such as VPN, Firewall, & IDS/IPS Configuration & Management.
- Responsible for assisting in the development of appropriate security related policies, procedures, guidelines, standards, benchmarks/metrics and/or processes for network infrastructure, servers, firewalls, intrusion detection/prevention (IDS/IPS) appliances and software.
- Responsible for monitoring, management and review of network security components and event management applications, as well as the ability to make prudent recommendations for improving overall network security.
- Responsible for assisting in various projects to ensure corporate governance of security and compliance with applicable regulations.
- Generates Information Security metrics and reports for executive leadership
- Liaisons with Legal for vendor management, e-discovery, and basic forensics
- Directs Security Awareness Training for employees
- Develops policy documentation
What You Need to Qualify
Core Skills
- Acts responsibly with sensitive and confidential information
- Is creative and resourceful as a problem solver
- Consistently demonstrates the drive to deliver successfully even under difficult timelines
- Has strong analytical, methodical, investigative, and auditing skills
- Knows when to make practical rational decisions that reduce risk to JobTarget information and Information systems
- Good written and verbal communications skills
- Good technical writing skills
- A critical logical thinker who is efficient and methodical
TECHNICAL SKILLS
Good understanding of the following:
- Background in a security governance model such as NIST, ISO, PCI, or HIPPA.
- Experience in developing cybersecurity policies and procedures
- Familiarity with risk management frameworks.
- Familiarity with Asset Management
- Able to define and understand various lines of business and the relationship to cybersecurity roles, responsibilities, and risk management decisions.
- Familiarity with access control management and strategies
- Able to manage vulnerability remediation through use of mitigation strategies
- Familiarity with security control assessments and procedures
- Ability to perform audits of systems, software, and security controls
- Familiarity with administering a corporate security awareness training program
- Experience with vetting vendors and vendor management
- Familiarity with legal and regulatory compliance requirements.
- HIDS/NIDS
- Network Monitoring Tools
- Case Management System
- Web Security Gateway
- Email Security
- Data Loss Prevention
- Network Access Control
- Encryption
- Vulnerability Identification
Job Experience
- 5 years in a role within Information Technology
- 1-3 years in auditing systems, applications, and networks for security risks
- 1-3 years documentation experience
Desired Technical Certifications
- Security+ or equivalent
Desired Education
- Bachelor’s Degree Required or equivalent experience
Required Skills:
Configuration Management Reports Network Infrastructure Remediation Corporate Governance Mitigation Development Regulatory Compliance Prevention Environment Information Security Network Security SME BASIC Firewalls Asset Management Timelines Management System Vendor Management Event Management Information Systems Metrics Components Auditing Servers Risk Management Infrastructure Salary Insurance Cash Regulations Writing Information Technology Security Vendors PHP Education Email Documentation Software Testing Leadership Communication Business Training Management