IT SECURITY ANALYST

Position Summary

Under the direction of the VP, IT, the IT Security Analyst protects the organization's technology infrastructure, computer systems, networks, and data from security breaches and cyber threats, unauthorized access, and other security breaches. The Security Analyst will monitor networks for potential vulnerabilities, investigate security incidents, and implement security measures such as security policies, firewalls and encryption to protect sensitive information.

Key Responsibilities

• Risk and Vulnerability Assessments: Conduct assessments to identify potential security risks and vulnerabilities within the organization's systems.
• Incident Response: Support and manage the Security Management Incident Response Policy to address security breaches and incidents.
• Data Protection: Implement processes to ensure data confidentiality, integrity, and availability.
• Provide leadership and oversight for security risk assessment projects, ensuring they implement industry best practices and follow company policies.
• Compliance: Identify compliance deficiencies, document findings, and monitor remediation efforts.
• Security Policies: Develop, implement, and maintain corporate-wide Information Security Policies, Programs, and Standards.
• Technical Assistance: Provide technical expertise in developing and deploying security components.
• Research: Conduct research on security products and trends to improve the organization's security posture.
• Reporting: Prepare reports on security breaches and the extent of damage caused.
• Software Installation: Install protective software such as firewalls and data encryption programs.
• Monitoring: Monitor on-premises networks and cloud environment for security breaches and investigate any incidents.
• Security Planning: Develop security plans and conduct testing of simulated cyber-attacks to identify vulnerabilities.
• Support: Assist users with securing access to company data.
  
  

Qualifications & Education

• Bachelor’s degree in computer science, information technology, cybersecurity, or a similar discipline.
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• CompTIA Security+
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Three plus years of experience in Security Roles, Cybersecurity / IT Security Analyst roles focused on critical infrastructure for IT/OT environments and security
• Experience with EDR/XDR tools (Sentinel One and Darktrace preferred).
• Experience with Vulnerability Scanning tools and process.
• Experience with Microsoft 365 Security admin center, Identity admin center, Purview admin center.
• Experience with Microsoft Azure User and Azure Group administration.
• Advance security certification (preferred), such as CISSP, CISM, CRIC, CISA, CGEIT.
• Advance understanding of security principles. Standards and process, including authentication and access control, secure configurations, network traffic analysis, endpoint security, application security, encryptions and key management, and cloud security .
  
  

Abilities

• Threat Hunting and Vulnerability Assessment: Identifying potential security weaknesses in systems and networks.
• Security Incident Response: Investigating and responding to security breaches and other incidents.
• Security System Implementation and Maintenance: Installing and maintaining security software such as firewalls, antivirus software, and encryption programs.
• Security Policy Development and Enforcement: Creating and enforcing security policies and procedures.
• Security Awareness Training: Educating employees on security best practices and procedures.
• Data Governance: Developing and implementing data governance policies to ensure data integrity and security.
• Risk Assessment: Identifying and assessing security risks to the organization.
• Threat Intelligence: Researching emerging cyber threats and vulnerabilities.
• Incident Response Planning: Developing and implementing incident response plans.
• Penetration Testing: Simulating attacks to identify vulnerabilities and improve security measures.
• System Patches and Updates: Ensuring systems are up to date with the latest security patches
  
  

Knowledge

• Strong understanding of networking, operating systems, and cybersecurity best practices.
• Experience with firewalls, intrusion detection systems, anti-malware software, Microsoft Azure Security Admin Center, Microsoft Azure Identity Admin Center, and other security tools.
• Knowledge of security protocols like HTTPS, TLS, and SSH.
• Ability to analyze network traffic and system logs.
• Strong analytical and problem-solving skills.
• Effective communication and collaboration skills.
• Proficiency in network security, firewalls, encryption, and penetration testing