logo

View all jobs

Sr. Information Security Analyst

Trumbull, CT
The Senior Information Security Analyst defines and continuously assesses information security architecture, processes, and procedures. The senior analyst is responsible for proposing, creating, and maintaining security baselines and standards. The Analyst streamlines remediation of identified vulnerabilities and risks on the company’s network, systems, applications. This role continuously evaluates, proposes, and manages change to the environment by collaborating across teams and functions to identify and reduce risk.

The senior analyst evaluates existing controls, establishes governance around existing policies and procedures, and reports on deviations from established policy with remediation plans to address risk. The role participates in audits to meet regulatory and non-regulatory standards and requirements (SOX, HIPAA, PCI. GDPR).

The Senior Information Security Analyst is engaged in risk management and mitigation, including evaluating vendor risk, understanding third-party risk, and data privacy issues. The analyst participates in the continued development of incident response plans and disaster recovery plans. The individual works closely with other teams to develop controls such as firewalls, business systems, data leakage protection systems, patching, encryption, vulnerability scanning, application code scanning, remediation as well as advises on configuration for a variety of security tools. Prior experience in an international enterprise environment is essential.

Responsibilities:
  • Continuously evaluate the effectiveness of the SOC and make recommendations for continuous improvement
  • Create project plans and manage information security projects throughout the project life cycle
  • Monitors and reports the effectiveness of security tools and controls in the environment
  • Sets security standards and best practices across projects in cross functional IT teams
  • Works with compliance teams to ensure solutions meet security policies and procedures
  • Collaborate with IT teams for input and operational requirements to design and implement the company's overall cybersecurity strategy.
  • Identify security gaps discovered through ongoing monitoring of all information security controls and propose enhancements to security controls.
  • Evaluate and/or propose cybersecurity solutions and controls to maintain confidentiality, integrity, and availability.
  • Participate in proofs-of-concept for new security technologies.
  • Develop security, risk, and compliance reports and alerts.
  • Participate in an annual review of policies and procedures to support information security, risk, and security compliance activities.
  • Participates in the development, testing, and implementation of disaster recovery procedures for the cybersecurity technology in place.
  • Analyzes and measures the organization against CIS critical security controls implemented within the organization and make recommendations to improve security posture.
  • Provides input into strategic roadmaps and annual budget.
  • Complies with applicable change management policy and all department procedures.
  • Effectively communicates with senior management and participates in steering committee presentations

Qualifications:
  • Bachelor's degree or equivalent certifications\experience required. Candidates must possess analytical skills, which evolved from training in Cybersecurity, Information Systems, Computer Science, or similar discipline.
  • Minimum 5 years of business experience in Information Security.
  • Experience with information security framework models such as NIST, CIS, ISO27001, etc., implementing and auditing security measures, security response, and incident management.
  • Understanding and knowledge of infrastructure such as network switches, routers, firewalls and VPN, network security, administration of DLP, antivirus\antimalware, IDS/IPS, SIEM, SMTP, Email security, AD, Group Policy, DNS, DHCP, and VLANs.
  • Ability to propose and create security baselines\standards for hardening infrastructure
  • Experience with SCAP compliant scanners and STIGS for configuration management
  • Experience with identity access management solutions, such as SAML\OATH, MFA.
  • Experience analyzing and reacting to alerts from HIDS and NIDS
  • Relevant information security or cybersecurity certifications.
  • Ability to analyze and recommend changes to existing security landscape where necessary to meet information security objectives.
  • Participates in change management meetings and provides expert input to ensure security is maintained.
  • Knowledgeable in security best practices such as encryption, hashing, vulnerability scans, event log monitoring, intrusion detection and prevention, eDiscovery, and content filtering.
  • Ability to manage and continuously improve upon vulnerability management program.
  • Ability to propose solutions for closing identified vulnerabilities in the infrastructure.

Desired Qualifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • Experience with risk management frameworks and continuous risk management practices
  • Knowledge and experience with Microsoft Office and Visio.
  • Knowledge of WAN technologies, including SD-WAN.
  • Knowledge of cloud providers' security (AWS, GCP, or Azure).
  • Prior experience managing DNS filtering technologies, EDR solutions
  • Prior experience with SIEM, configuration management, hardening, and vulnerability scanning
  • Experience with identity access management systems (IDaaS)
  • Project management skills are highly desirable.
  • Previous experience in a HIPAA/FDA regulated environment.

Competencies:
To perform the job successfully, an individual should demonstrate the following behaviors:
  • Motivation/Initiative: Motivated and curious, willing to ask questions, research issues, and take on challenging projects/assignments; creative, brings new ideas to the table, exhibits self-confidence. Has strong achievement motivation and tenacity.
  • Administrative Skills: Possesses ability to organize and follow-through on multiple tasks, recognizes and attends to important details with accuracy and efficiency. Works to complete goals, tasks, and plans, anticipate potential problems, and analyze alternative solutions.
  • Interpersonal Style: (Interpersonal Skills, Communication, Teamwork); develops/ maintains effective working relationships; listens attentively to others; communicates ideas clearly (written & verbal); relates to people in an open/ sincere manner; participates effectively in meetings; assists in finding solutions as well as identifying problems; communicates appropriately with supervisor, and co-workers. Able to influence other individuals and maintain calm and reliable demeanor in the face of challenges.
  • Self-Management: (Adaptability/Flexibility, Stress Tolerance, Autonomy); adapts readily to changes in routine; works effectively in stressful situations; needs limited guidance and direction; is comfortable working in a fast-paced environment; is reliable and dependable; is results-oriented; maintains productivity and composure under pressure; views problems as opportunities to create solutions.
#
 

More Openings

Embedded Engineer
Linux Systems Engineer

Share This Job

Powered by