Information Security Analyst III

Overview: 

• Research the latest information technology security trends, to keep current and promote use of the latest technology to protect our information by creating recommendations for company-wide best practices.

• Coordinate/Conduct frequent simulated cyber-attacks and penetration testing to look for vulnerabilities in the computer systems and take care of these before an outside cyber-attack.

• Tracking and coordinating known cyber vulnerabilities following them to completion and ensuring all are properly closed out.  

• Assist in system monitoring and remediation to manage security alerts and identify/reduce false positives.

• Development cyber security related strategies and approaches including a cybersecurity breach contingency and recovery plan.

• Research new tools and technologies to assist in the cyber security area.

• Coordination with external entities on critical cyber matters.

• Work with other IT Security team members to share information and promote a secure and proactive IT security environment. 

• Work with emergency management and COOP Planners to ensure that the Information Technology’s recovery plan is fully coordinated with the COOP and emergency plans.

• Investigate and document security breaches and other cybersecurity incidents including assessing damage potential.

• Perform computer forensics as needed.

• Implement and maintain vendor supplied security hardware components & software packages.

• Perform diagnostics for security problems and identify and analyze security risks. 

• Coordination of security assessments with internal audit and external vendors.

• Assist in developing security awareness and training programs for IT and employees who work with sensitive data.

•     Create and manage Cyber Security policies, standards, procedures, and guidelines.

• Work with confidential information obtained through security scans and assessments of BSD systems.

• Report status and progress on efforts to management as necessary. 

• Other related security duties as assigned.

• Knowledge of NIST Cyber Security Framework, CIS Security Controls.

• Experience with network and application security including firewalls, VLANs, routers, switches, Linux, Microsoft Windows and VMware operating systems, Oracle and Microsoft SQL Server databases, ecommerce, PCs.

• Experience performing penetration testing.

• Experience setting up firewall rules.

• Experience performing computer forensics.

• Experience with designing, implementing and managing an enterprise-wide security program.

• Experience working with outside vendors to coordinate testing and resolution of security vulnerabilities.

• Experience writing recovery plans, updating policies/procedures and documenting security breaches.

• Ability to efficiently and effectively communicate technical information to colleagues and management.

• Ability to manage time efficiently and multitask when appropriate in potentially high demand scenarios.

• Ability to solve problems and provide solutions that are technically, financially, and administratively responsible.

• Ability to provide competent, realistic estimates for cost, effort, and time requirements for assigned initiatives.

• Completion of one of the following recognized professional certifications: QSA (Qualified Security Assessor), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), SSCP (Systems Security Certified Practitioner), Certified Ethical Hacker (CEH)