The Senior Information Security Analyst defines and continuously assesses information security architecture, processes, and procedures. The senior analyst is responsible for proposing, creating, and maintaining security baselines and standards. The Analyst streamlines remediation of identified vulnerabilities and risks on the company’s network, systems, applications. This role continuously evaluates, proposes, and manages change to the environment by collaborating across teams and functions to identify and reduce risk.
The senior analyst evaluates existing controls, establishes governance around existing policies and procedures, and reports on deviations from established policy with remediation plans to address risk. The role participates in audits to meet regulatory and non-regulatory standards and requirements (SOX, HIPAA, PCI. GDPR).
Participates in the development, testing, and implementation of disaster recovery procedures for the cybersecurity technology in place.
Analyzes and measures the organization against CIS critical security controls implemented within the organization and make recommendations to improve security posture.
Provides input into strategic roadmaps and annual budget.
Complies with applicable change management policy and all department procedures.
Effectively communicates with senior management and participates in steering committee presentations
Bachelor's degree or equivalent certifications\experience required. Candidates must possess analytical skills, which evolved from training in Cybersecurity, Information Systems, Computer Science, or similar discipline.
Experience with information security framework models such as NIST, CIS, ISO27001, etc., implementing and auditing security measures, security response, and incident management.
Understanding and knowledge of infrastructure such as network switches, routers, firewalls and VPN, network security, administration of DLP, antivirus\antimalware, IDS/IPS, SIEM, SMTP, Email security, AD, Group Policy, DNS, DHCP, and VLANs.
Ability to propose and create security baselines\standards for hardening infrastructure
Experience with SCAP compliant scanners and STIGS for configuration management
Experience with identity access management solutions, such as SAML\OATH, MFA.
Experience analyzing and reacting to alerts from HIDS and NIDS
Relevant information security or cybersecurity certifications.
Ability to analyze and recommend changes to existing security landscape where necessary to meet information security objectives.
Participates in change management meetings and provides expert input to ensure security is maintained.
Knowledgeable in security best practices such as encryption, hashing, vulnerability scans, event log monitoring, intrusion detection and prevention, eDiscovery, and content filtering.
Ability to manage and continuously improve upon vulnerability management program.
Ability to propose solutions for closing identified vulnerabilities in the infrastructure.
Knowledge of cloud providers' security (AWS, GCP, or Azure).
Prior experience managing DNS filtering technologies, EDR solutions
Prior experience with SIEM, configuration management, hardening, and vulnerability scanning
Experience with identity access management systems (IDaaS)
Project management skills are highly desirable.
Previous experience in a HIPAA/FDA regulated environment.
Competencies: To perform the job successfully, an individual should demonstrate the following behaviors:
Motivation/Initiative: Motivated and curious, willing to ask questions, research issues, and take on challenging projects/assignments; creative, brings new ideas to the table, exhibits self-confidence. Has strong achievement motivation and tenacity.
Administrative Skills: Possesses ability to organize and follow-through on multiple tasks, recognizes and attends to important details with accuracy and efficiency. Works to complete goals, tasks, and plans, anticipate potential problems, and analyze alternative solutions.
Interpersonal Style: (Interpersonal Skills, Communication, Teamwork); develops/ maintains effective working relationships; listens attentively to others; communicates ideas clearly (written & verbal); relates to people in an open/ sincere manner; participates effectively in meetings; assists in finding solutions as well as identifying problems; communicates appropriately with supervisor, and co-workers. Able to influence other individuals and maintain calm and reliable demeanor in the face of challenges.
Self-Management: (Adaptability/Flexibility, Stress Tolerance, Autonomy); adapts readily to changes in routine; works effectively in stressful situations; needs limited guidance and direction; is comfortable working in a fast-paced environment; is reliable and dependable; is results-oriented; maintains productivity and composure under pressure; views problems as opportunities to create solutions.