Security Analyst

SUMMARY
The Security Analyst performs two core functions for the enterprise. The first is the day-to-day operations of the in-place security solutions while the second is the identification, investigation and resolution of security breaches detected by those systems. Secondary tasks may include involvement in the implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines and procedures as well as conducting vulnerability audits and assessments. The IT Security Analyst is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals.

As a federal contractor, CNI is a drug-free workplace and adheres to the Federal Controlled Substance Act.   

ESSENTIAL REQUIREMENTS

Must possess appropriate level of certifications for this position as required by the contract.

Must be able to obtain and maintain the required customer clearance for access to systems, facilities, equipment and property.

KEY DUTIES AND RESPONSIBILITIES

Essential Duties and responsibilities include the following.  Other duties may be assigned.

Participates in the planning and design of enterprise security architecture.

Participates in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures).

Participates in the planning and design of a risk management plan, enterprise business continuity plan and disaster recovery plan.

Maintains up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.

Leads the review and impact processes for all incoming cyber security information: bulletins, vendor notifications and communications from government sources. Determine if CNI is affected and then lead the resolution processes if necessary.

Recommends additional security solutions or enhancements to existing security solutions to improve overall enterprise security.

Helps ensure that up-to-date baselines are maintained for the secure configuration and operations of all in-place devices e.g. security tools, workstations, servers, network devices, etc.

Monitors and maintains all operational configurations of all in-place security solutions as per the established baselines.

Partners with CNI’s 3rd party SOC in identifying anomalies, reviewing logs and leading the change control process based on change recommendations from the SOC and other trusted sources.

Reviews logs and reports of all in-place devices. Interprets the implications of that activity and devise plans for appropriate resolution.

Participates in incident response tasks, partnering with 3rd party SOC, cyber security insurance vendors, and internal resources.

Participates in the design and execution of vulnerability assessments, penetration tests, and security audits.

Provides on-call support for end users for all in-place security solutions; this can be 24x7 support.

Assists in creation and maintenance of a patching schedule; work with technical teams to develop patching priorities.

Leads process for new software requests: communicating with requestor(s) at all stages of the request cycle, contacting vendors for security compliance confirmations, leading phone calls as necessary, providing a technical review of all software requests for the CNI environment and working with management for proper reviews and approvals.

Assists the Information Security Compliance Manager with developing relevant security data reports.

Assists the Information Security Compliance Manager with managing the security training system and confirming completion of training by all employees.

Assists in the creation and maintenance of plan, policy, and procedure review schedule for the Enterprise.

EDUCATION AND EXPERIENCE

Bachelor's degree and a minimum of one to two (1-2) years of relevant experience, or equivalent combination of education/experience.

PHYSICAL DEMANDS

Work is primarily performed in an office environment. Regularly required to sit. Regularly required use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers printers and light traffic.

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job.

EOE including Disability/Vet