This role is for a 1 year contract, with the potential for renewal subject to budget and business requirements.
The Senior Security Analyst is primarily responsible for administrating and maintaining systems. The Analyst will be required to perform other Information Security related tasks as well.
The role requires an in-depth understanding of Information Security practices as well as a good understanding of Microsoft products (such as Windows, Outlook/Exchange/O365), Vulnerability Management, Anti-Virus, Identify & Access management, the network (proxy servers, firewalls), databases and exposure to a DLP product (such as Symantec, McAfee or RSA).
The Analyst will be a member of the Information Security team and work under the supervision of the Manager, Information Security.
The Senior Security Analyst will be responsible for monitoring systems, both Host and Network-based, and help improve the implementation of those systems. The activity of monitoring includes daily review of the product consoles, analyzing the events, and determining which events are actionable. The Senior IT Security Analyst will need to interact with all business functions, bridging the gap between technical data and business objectives.
Responsibilities include but not limited to:
- Perform daily monitoring and analysis of host and network alerts and investigate output.
- Assist with resolution of operational product deployment, implementation, and technical issues.
- Engage with business contacts and IT to identify sensitive data and monitor for unauthorized disclosures.
- Resolve and document complex security incidents.
- Prepare formal incident reports.
- Be a secondary responder for cyber-security incidents.
- Generate reports and create dashboards for leadership
- Create/update and maintain reporting dashboards using business intelligence and data analytics tools
- Data Loss Prevention reporting, analysis, investigation and remediation
- Review and assess Open Source Software for security and licensing Risks
- Proactively audit the network security environment and provide actionable information pertaining to risk discovery and remediation technologies, techniques, and processes.
- Consult, advise, and collaborate with department staff and personnel within ITS to coordinate data security related activities.
- Assist other Senior IT Security analysts with developing and implementing of a security incident response process and the maintenance of all associated documentation.
- Update skills as necessary to support Security and remain knowledgeable of industry standards and advancements.
- Role requires you to provide on-call after-hours support and you may be required to carry a pager.
- Performs other security duties, when required.
Position may require on-call and after hours work, as needed to support business needs
- Associate degree in a related technical field or equivalent experience.
- CISSP, CISA, CISM or other similar Security certification
- Microsoft MCSE/MCSA and/or Cisco certification preferred
- Minimum of 3 years of progressive experience in information services, including two years in systems security with certification, maintenance and use of security products in a distributed enterprise environment.
- Minimum of 2 years’ experience in security operations/support
- Experience in Windows, CISCO routers and switches, Encryption, Defense Strategies, and Hacker Techniques.
- Experience in complex multi-site LAN/WAN environments.
- Experience with network applications, such as Firewall Security and Virtual Private Networking.
- Experience with Ethernet and TCP/IP.
- Experience in Windows Active Directory.
- Experience in PowerShell Scripting and/or Python
- Experience with business intelligence and data analytics tools (PowerBI, Tableau)
- Application scanning experience using tools such as Fortify, Coverity, BlackDuck, Seeker & Burpsuite
- Exposure to Azure and AWS
- Knowledge of network and host IDS/IPS.
- Familiarity working with databases (Oracle, SQL) schema, queries, entries, creation
- Ability to analyze and understand technical information
- Ability to successfully interact with non-technical business contacts
- Strong familiarity with data classification concepts and processes
- Deep understanding of data loss and data protection processes
- Experienced in a wide variety of technical solutions focused on data protection and cyber security