Information Security Analyst
Overview:
Job Summary:
The Information Security Analyst will provide service and operational support to all ACS Information Security Office service offerings and capabilities. The InfoSec Analyst will support project work upon request.
This position will support the security incident response system as well as the threat detection systems that monitor the environment. The Information Security Analyst is responsible for the analysis and documentation of security incidents, participate in the litigation hold processes, ensuring that security events are properly enumerated and resolved and accounted for in the ITSM tools.
The Information Security Analyst will support all GRC initiatives, participating in compliance audits and reviews of both systems and processes that govern the operations of Allegis IS and the personnel responsible for supporting these same systems.
Required in-office presence at least 4 days per week
Responsibilities:
Essential Functions:
- Work incidents and requests from the Security ticket queue
- Handle security escalations, identify and resolve critical security events requiring additional/specific investigation, triage and mitigation
- Assist the Information Security, Legal and Compliance teams in the creation of procedures, technical documentation, and completion of project tasks as required
- Generate and present reports aggregating incident data
- Review purchasing agreements, questionnaires, contracts and statements of work to ensure compliance with company security standards and requirements
- Provide guidance and support to the Legal and executive requests for data gathering and analysis
- Document and report assessment and incident findings to the Security Operations Manager and ISO
- Collaborate with IS management, the corporate Legal department, safety and security, and law enforcement agencies to manage risks and security vulnerabilities
- Collaborate with other IS groups to implement Information Systems policies, procedures, standards and guidelines
- Perform the operation of related compliance monitoring, auditing, and improvement activities to ensure compliance both with internal corporate policies and applicable laws and regulations
- Represent the Information Security role in the Change Management, Incident Management, Patch Management, and Problem Management processes
- Actively participate in the IT security community to stay abreast of current standards and best practices.
- Maintain an industry standard information security certification
- Ensure time is accurately documented and reported for self in the project management system
- Support the on-boarding of new InfoSec employees and contractors
- Perform other related duties as assigned
Qualifications:
Minimum Education and/or Experience:
- Bachelor's degree in the field of MIS, computer science, information systems or computer engineering or equivalent experience
- 2 to 4 years of experience
- Ideal candidates will hold one or more of the following certifications:
- NET+, SEC+, SANS GIAC (GISF, GSEC or other)
- Experience with Agile methodology is a plus (ACP)
Skills/Abilities:
- Symantec/Data Loss Prevention technologies
- Security Operations Centers
- Encase Litigation/Hold process solutions
- Rapid7/NeXPOSE security scanning and management tools
- Microsoft - SharePoint, .NET, AD, ADFS, Windows 7, SQL Server
- Salesforce.com
- VMware, Citrix
- Incident and Problem management system support
- Basic understanding of Network, host, data, integration, and application access security in multiple operating system environments (Windows, Solaris, Linux, etc.)
- Basic understanding of Information Security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists
- Basic understanding of the Internet, web, application and network security technique
- Experience in successfully deploying new business processes and technologies
- Basic understanding of network scanning and intrusion detection products
- Basic understanding of Data Loss Prevention and threat detections systems
- Basic understanding of Federal/International regulations related to information security (FISMA, Computer Security Act, Safe Harbor, HIPAA, etc.)
Core Competencies:
- Build relationships
- Develop people
- Lead change
- Inspire Others
- Think critically
- Communicate clearly
- Create accountability
Benefits Overview:
Benefits are subject to change and may be subject to specific elections, plan, or program terms. This role is eligible for the following:
- Medical, dental & vision
- Hospital plans
- 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
- Life Insurance (Company paid Basic Life and AD&D as well as voluntary Life & AD&D for the employee and dependents)
- Company paid Short and long-term disability
- Health & Dependent Care Spending Accounts (HSA & DCFSA)
- Transportation benefits
- Employee Assistance Program
- Tuition Assistance
- Time Off/Leave (PTO, Allegis Group Paid Family Leave, Parental Leave)
Salary Range:
- $58,300.00 - $87,500.00
- The position is bonus eligible