The IT Security Analyst will provide technical expertise and analysis in an effort to establish, implement and monitor executed security strategies. Successful candidates must have a working knowledge of supporting, monitoring and maintaining an enterprise-level Microsoft environment. This understanding of networked environments will allow the candidate to review, implement and support security-related functions such as vulnerability management, compliance monitoring, and continuous security monitoring.
- Develops and manages security for more than one IT functional area (e.g., data, systems, network and/or Web) across the enterprise.
- Assists in the development and implementation of security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines).
- Prepares status reports on security matters to develop security risk analysis scenarios and response procedures.
- Responsible for the tracking and monitoring of software viruses.
- Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, updates, and maintains and documents security controls.
- Involved in the evaluation of products and/or procedures to enhance productivity and effectiveness.
- Provides direct support to the business and IT staff for security related issues.
- Educates IT and the business about security policies and consults on security issues regarding user built/managed systems.
- Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues.
- Must have extensive knowledge in networking, databases, systems and/or Web operations.
Qualifications and KSAs:
- Bachelor’s Degree in Computer Science, Information Systems, Business Administration, Information Security or another related field; or equivalent work experience.
- 4 years’ experience in the essential functions of the position listed above.
- Knowledge of, and experience with, various computing technologies such as, but not limited to: Windows, Windows Server, proxies, firewalls, switches, routers, Transmission Control Protocol/Internet Protocol (TCP/IP)
- Knowledge of perimeter technologies (firewalls, proxies, intrusion detection/prevention systems (IDS/IPS) and vulnerability management tools.
- Knowledge in the use of information security practices and standards such as NIST, CIS Critical Security Controls and the Florida Cybersecurity Standards (74-2 Florida Administrative Code). Ability to review, assess and document compliance with standards.
- Knowledge of Microsoft Systems Center Configuration Manager (SCCM) and other Microsoft support tools/technologies such as Group Policy and PowerShell.
- Knowledge of the application of operating system security settings through direct manipulation of the registry.
- Knowledge of Security Information and Event Management (SEIM) tools. Ability to utilize, configure and manage SPLUNK preferred but not required.
- Skills in applying, analyzing and assessing information systems and security controls.
- Skilled in the detection of software and hardware security problems.
- Ability to analyze complex technical architecture for security issues.
- Ability to be self-motivated, detail-oriented with excellent follow through.
- Ability to assess and analyze risk and provide recommendations to successfully manage risk.
- Ability to author documented analysis of systems to verify compliance with security controls.
- Ability to effectively communicate orally and in writing to a variety of audiences. This includes the ability to communicate professionally with management, to communicate technical issues and concepts to non-technical staff, and to effectively explain security concepts and their benefit.
- Ability to solve problems independently and with teams and exhibit sound judgement and decision making skills.
WiredPeople provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, WiredPeople complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.