Information Security Analyst ( PCI / NIST / Network Hardening / Audit )


Position Summary: The Information Security Analyst (ISA) will provide security and risk management services to protect the organization's data and information assets from cyberattacks. The ISA will perform risk identification, assessment and remediation as well as regulatory and internal compliance monitoring using standards and processes as required to protect personnel, facilities, infrastructure, information, and business operations from unauthorized access. Completes tasks designed to ensure security of the organization's systems and information assets. Establishes and maintains effective working relationships with end users, vendors and managers to facilitate identification and resolution of hardware and software related security problems. Recommends security improvements by assessing current situation, evaluating trends, and anticipating requirements. Maintains and updates malware end-point protection software; mitigates vulnerabilities as identified. Plans and implements valid, reliable, and defensible information security controls to protect computer systems, networks, and data. Responsible for preventing data loss and service interruptions by researching new technologies that will effectively protect a network. Additional duties may include: • Creating, testing and implementing network disaster recovery plans • Installing firewalls, data encryption and other security measures • Recommending security enhancements and purchases • Training staff on network and information security procedures
Responsibilities: • Provide excellent customer service to users using good communication skills in a sympathetic manner. • Interact extensively with internal or external customers. • Critically understand company's operations and systems. • Provide security expertise to the company to ensure compliance with regulations. • Plan, create, implement and maintain security program documentation. • Conduct vulnerability assessments and carry out internal penetration tests. • Develop and track security metrics for security events and incidents. • Monitor the organization's network for security breaches and investigate a violation when one occurs. • Install and use software, such as firewalls and data encryption programs, to protect sensitive information. • Prepare reports that document security breaches and the extent of the damage caused by the breaches. • Research the latest information technology (IT) security trends. • Develop security standards and best practices for the organization. • Recommend security enhancements to management or senior IT staff. • Help computer users when they need to install or learn about new security products and procedures. • Define security requirements and review systems to determine if they have been designed to comply with established security standards. • Independently identify, assess and document system security deficiencies and recommend solutions. • Monitor various security tools to identify potential incidents, network intrusions, and malware events, etc. to ensure confidentiality; integrity, and availability of information systems. • Review and analyze log files to report any unusual or suspect activities.

• Follow established incident response procedures to ensure proper escalation, analysis and resolution of security incidents. • Work with the HR and training department to maintain and update the security awareness training program. • Collaborate with IT Operations team to ensure cybersecurity threats are properly identified, analyzed, communicated, addressed and/or defended, investigated, and reported to management. • Participate in investigations into any alleged computer or network security compromises, incidents or problems; recommends corrective actions. • Assess vendors' security controls to ensure new and existing vendors adequately protect customer information. • Stay up-to-date on the latest intelligence, including hackers' methodologies, in order to anticipate security breaches. • Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position. • Coordinate with network engineering, business application, and database administration functions to implement desktop and server systems that utilize industry best practices to meet corporate objectives. • Other duties as assigned.

Requirements: • Minimum of a Bachelor's degree in information security, information assurance, cybersecurity, or any related field. Related work experience may substitute for some years of education.

• One or more certificates (CompTIA Security+, CompTIA CySA+, CISSP, CCNP Security, etc.) preferred.
• Minimum 5+ years of network administration experience.
• 3+ years of experience in the Information Security or Cybersecurity industries.
• Knowledge of PCI-DSS methodology and controls
• Working knowledge of information security control standards
• Knowledge of security and risk management frameworks such as NIST, CIS, CSF. ISO.
• Working knowledge with Cisco and Dell firewalls as well as network perimeter security practices
• Knowledge of TCP/IP and related data network protocols.
• Knowledge of standard network protocols such as, TCP, ARP, ICMP, DHCP, HTTP, SNMP etc., and advanced features like IPSEC and IPv6 related protocols and accompanying protocol analysis tools.
• Experience with the design and configuration of a network DMZ.
• Knowledge of data retention strategies and policies related to personally identifiable information and other regulatory requirements.
• Strong technical knowledge of Windows Server 2003 – 2012 R2 including Active Directory, DHCP, DNS, load balancing, Client, RADIUS and ADFS.
• Experience in computer security combined with risk analysis, audit, and compliance. • Hands-on software and hardware troubleshooting experience.
• Knowledge of patch management, firewalls and intrusion detection/prevention systems. • Familiarity with public key infrastructure (PKI) and cryptographic protocols (SSL/TLS).
• Ability to conduct research into hardware and software issues and products as required.
• Comply with all written and stated company ethics and safety policies and procedures.
• Must be self-motivated and self-starter. Direction provided will be mid-level and focused on the tasks and projects with defined deadlines.

• Excellent interpersonal communication skills (written and verbal) to document complex concepts in a comprehensive manner. • Proven experience in large, complex enterprise-wide initiatives. • Proven analytical and problem-solving abilities. • Ability to effectively prioritize and execute tasks in a high-pressure environment. • Skilled at working within a team-oriented, collaborative environment. • Ability to present ideas and solutions in user-friendly language.

Please note: This client is not accepting candidates submitted by other staffing firms or agencies at this time. Self-employed corp-to-corp candidates are welcome. Thank you.

For immediate response please forward resumes to [email protected]
 
Eric Lyublinsky
Sr. IT Recruiter
(Direct) 407-205-1125
(Office) 800-360-1407
www.valintry.com

For a list of our current openings please visit Valintry's Jobs Webpage
 

18-05563