The Information Security Analyst will support day-to-day security operations, event/incident investigation, security control assessment, data analysis and reporting, and other infosec-related activities. The analyst will work with the Project team as well as Helpdesk Support team to communicate risks and vulnerabilities, recommended changes which will remediate issues and/or improve security, and create documentation or reports regarding infosec activity and incidents.
Essential Duties and Responsibilities
- Create policies to ensure our customers’ infrastructure and information assets are protected with BCS security offerings: including Sophos Anti-virus and Malware Protection, Sophos Intercept-X, and Encryption.
- Audit analyze, plan, execute, and manage multi-faceted projects related to the BCS security offerings for our customers including onboarding.
- Review customers IT Systems platforms to determine the current role of the system and seek out vulnerabilities
- Responsible for ensuring BCS Security offering has the necessary monitoring of the computing environment required to alert Helpdesk Support through the ticketing system.
- Consistently conduct in-depth test of customer’s systems of the current and newly implemented infrastructure for IT Security to ensure policies and settings are applied correctly.
- Analyze system generated information and trends in the data and develop improvements to increase a system’s performance.
- Assess the customers IT system for perceived or actual threats and respond to any issues that are presented and/or escalate where necessary.
- Enforce security policies and procedures, they monitor data security profiles on all platforms by reviewing security violation reports and investigating security exceptions.
- Responsible for reviewing and improving/developing response plans to any potential threat opportunities until the problem is mitigated completely.
- Develops and generates reports for management, customers, and other departments around the managed BCS security service/tools offerings.
- This role will monitor compliance with security policies, standards, guidelines and procedures while ensuring security compliance with legal and regulatory standards.
- Follows up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
- Responds to security incidents (Helpdesk Support), conducts forensic investigations and targets reviews of suspect areas as well as develop action plans to address root causes of security-related problems.
- Collaborates on projects to ensure that security issues are addressed throughout the project life cycle.
- Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
- Provides responsive support for problems found during normal working hours as well as outside normal working hours as needed.
Competencies, Skills, and Qualifications
- 4-5 years of security experience working with Endpoint Security, Intrusion Prevention, and Firewall security
- Proven work experience as a system security engineer or information security engineer
- Experience in building and maintaining security systems
- Detailed technical knowledge of database and operating system security
- Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc
- Experience with network security and networking technologies and with system, security, and network monitoring tools
- Thorough understanding of the latest security principles, techniques, and protocols
- Problem solving skills and ability to work under pressure
- Ethical Hacker - Preferred / Development Plan
- Associate of (ISC)² - Preferred / Development Plan
- CISSP (Certified Information Systems Security Professional) – Preferred / Development Plan
- CCNP Security – Preferred / Development Plan