Information Security Analyst

The Information Security Analyst is responsible for Develops and executes security controls, defenses, and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce, and web-based systems. Administers cybersecurity policies to control physical and virtual access to systems. Performs network security audits and testing and evaluates system security configurations to ensure efficacy and compliance with policies and procedures. Conducts penetration testing and vulnerability assessments of applications, operating systems and/or networks. Responds to cybersecurity breaches, identifies intrusions, and isolates, blocks, and removes unauthorized access. Researches and evaluates cybersecurity threats and performs root cause analysis. Assists in the creation and implementation of security solutions. Provides information to management regarding impact on the business caused by theft, destruction, alteration, or denial of access to information and systems. 

Responsibilities: 

• Analyze threats to existing processes and systems and stay updated on evolving threats and vulnerabilities. 
• Respond to indications of attack or compromise, ensuring timely resolution. 
• Use security tools and identify automation opportunities. 
• Evaluate risks using established frameworks and methodologies. 
• Apply information security, compliance, assurance, and other security practices professionally. 
• Proactively address and resolve security-related issues. 
• Identify and implement opportunities to enhance security systems and protocols. 
• Develop and maintain documentation for best practices, system configurations, and troubleshooting guidelines. 
• Lead and coordinate security projects to ensure timely completion. 
• Support team members to promote a collaborative environment. 
• Contribute to defining and evolving security best practices within the organization. 
• Conduct or facilitate security awareness training sessions for employees. 
• Regularly perform vulnerability assessments and recommend mitigation strategies. 
• Monitor and review security patches for timely applications. 
• Assist in developing, reviewing, and updating organizational security policies and procedures. 
• Collaborate with IT departments to integrate security measures into projects and systems. 
• Configure and fine-tune security tools for improved capabilities. 
• Ensure compliance with industry regulations and standards, such as SOC-2, ISO27001. 
• Assist in digital forensics investigations during security incidents. 
• Evaluate the security postures of third-party vendors and recommend security requirements for contracts. 

Required Skills: 

• Understanding of common Information Security concepts, practices, and procedures. 
• Understanding of vulnerability analysis, penetration testing, encryption technologies, intrusion detection, incident response. 
• Proficiency in Microsoft tools such as Azure, Defender, and Office.
• Proficiency with the Atlassian suite
• Proficiency in Endpoint detection and Response tools such as CrowdStrike or SentinelOne
• Experience with vulnerability management tools such as Tenable or Radpi7 InsightVM
• Experience with SIEM tools such as Splunk, Rapid7 IDR, Google Chronicle
• Excellent attention to detail and strong documentation skills.  
• Outstanding verbal and written communication skills.  
• Exceptional problem-solving abilities. 

Education & Experience:  

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related area of study.
• 2+ years of relevant experience. 
• Industry certifications in cyber security incident management preferred.  
• Experience in analyzing network logs. 
• Experience in Network Security or Application Security. 
• Experience with security tools such as EDR, SIEM, EUBA, SOAR.