The Information Security Analyst II will play a crucial role in safeguarding the company's assets and ensuring the confidentiality, integrity, and availability of our information systems and data. The Information Security Analyst II will be responsible for monitoring, analyzing, and responding to security threats and vulnerabilities, while actively contributing to the enhancement of our cybersecurity posture.
In addition, the Information Security Analyst II will proactively monitor the ever-evolving threat landscape to ensure the company maintains relevant security controls to mitigate any potential risks.
Essential Functions
Security Governance
Understand the security landscape and contribute to the development and review of security policies and procedures to address new regulations, threats, or best practices.
Stay abreast of Audit requirements and assist with the management of self-audits and Internal/External audits.
Contribute to the development of end user security training and awareness program.
Threat Management
Assist with periodic security assessments, vulnerability, and pen tests.
Assist with the tracking of any remediation required due to security assessments / tests.
Review security tool logs to look for any potential security issues or breaches.
Security Roadmap
Contribute to the development of the Security Program Roadmap.
Security Engineering
Assist with identifying potential security technologies and researching their capabilities.
Contribute to the design and implementation of security solutions.
Supplemental Duties and Responsibilities
Pursues training and development opportunities; strives to continuously build knowledge and skills
Assist personnel in other technology departments to resolve technical and/or application issues
Participate and assist in the coordination of both internal and external audits
Participate in On-Call rotation
Other duties as requested
Required & Preferred Qualifications
Bachelor's Degree or equivalent work experience in a related field required
3+ years' experience in an Information Security role to include experience in assessing and recommending internal application and infrastructure controls required
Professional security management certification, such as a CompTIA Security+ is highly desirable
Must be self-motivated and able to work independently, with minimal supervision and as part of a team
Knowledge and hands-on experience with a Security Incident and Event Monitoring (SIEM) tool, performing log analysis, correlation, and incident response, required.
Experience in the monitoring and the development of new rules to address detection gaps, required
Experience in utilizing vulnerability management tools to identify, assess, and collaborate with other teams to remediate security risks highly desired
Experience in utilizing, managing, and optimizing a centrally managed EDR/XDR solution, highly desired
Knowledge and experience with common information security management frameworks and best practices, specifically the National Institute of Standards and Technology (NIST) frameworks and Center for Internet Security (CIS) Critical Security Controls desired
Knowledge and experience with security infrastructures and networking concepts (e.g. Basic routing, NT, Firewalls, IDS/IPS, VPN, Secure Email Gateways, Web Content Filters, Proxies, DLP) preferred.
General understanding of technical infrastructure (Virtualization, Active Directory, Applications, various Operating Systems, etc.)
Understanding of authentication concepts, SSO, encryption, ciphers, certificates, and various MFA technologies
Detail oriented with excellent interpersonal communication skills
Expected to partner, collaborate, and mentor effectively with other teams on an ongoing basis
Strong analytical skills and the ability to present information in an easily consumable format
Strong organizational skills and ability to multi-task in an enterprise business environment.
Ability to manage and track completion of projects and remediation tasks
Proficient technical documentation skills
Strong written, verbal, and presentation communication skills and ability to communicate at all levels within an organization