Cybersecurity Analyst
The Cyber Security Analyst II is responsible for the design, implementation, and administration of information security systems with a focus on end users and endpoint and mobile security. This individual will also contribute to planning, design, and implementation of information security initiatives including end user awareness and training, application security, data protection, network security, and identity and access management.
The Cyber Security Analyst II is responsible for ensuring that secure practices, procedures, and policies are designed and implemented, and will assist in the design, implementation, administration, and monitoring of systems which provide compliance evidence. The ITS Security Analyst also provides project oversight and management and may collaborate with external vendor and partners as required.
Responsibilities:
- Proactively protect the integrity, confidentiality, and availability of information technology resources and services
- Monitor information security systems and respond to indications of malicious system activity, suspected information technology asset loss, misuse, or noncompliance issues
- Develop information security standards, processes, and procedures
- Document the design, architecture, and operating procedures of information security systems
- Provide technical support for information security systems
- Research and keep information security team informed of new vulnerabilities, technologies, tools, services, and practices
- Participate in IT incident response, disaster recovery, and business continuity planning
- Develop programs for end user awareness, user account provisioning, and workflow automation
- Application security and data protection
- Participate in the design and implementation of application and system log data collection, correlation and analysis
- Participate in the design and implementation of IT endpoint security policies and procedures leveraging Endpoint Detection and Response (EDR), Email Protection, anti-malware vulnerability management and patch management technologies
Qualifications :
- Bachelor’s or Master’s degree (preferred) in Computer Science, Engineering, Information Systems or related discipline
- CISSP Preferred
- Two years of experience directly related to information technology security in medium to large international enterprise environments with focus on customer service and end user support
- Experience with IT security components, including some combination of application security tools, Endpoint detection and Response (EDR), Email Protection, SIEM
- Knowledge of applicable laws and practices relating to information privacy and security
- Knowledge of current security standards and regulations such as ISO 27001/2, PCI, COBIT, NIST, SANS, and HIPAA
- Analytical and problem-solving skills and ability to apply those skills to information security privacy issues
- Experience with heterogeneous networks consisting of Windows, Linux, and Mac systems
- Experience building secure endpoint configurations, OS and application patching, and scripting
- Ability to conduct research into security issues and products
- Ability to effectively communicate both verbally and in writing to both technical and non-technical staff
- The ability to prioritize and execute tasks in crisis situations
- The ability to apply effective organizational skills and excellent attention to detail
- Working knowledge of current project management principles, processes, methodologies, and tools
- Knowledge of compliance auditing and evaluation techniques, technologies, and methodologies is desirable
- The ability to provide support after normal business hours as needed
- Other Requirements : --Ability to transfer/obtain/maintain a U.S. government security clearance required. See http://www.dss.mil/psmo-i/ps_faqs.html
- --Export licenses/client approval may be required for foreign nationals due to project work requirements. See http://www.sri.com/careers/compliance-and-policies
- --U.S. Citizenship required.