IT Security Analyst

Simpson, PA, US

Description

  

PURPOSE:

We are seeking an experienced IT Security Analyst with a strong focus on Cybersecurity Maturity Model Certification (CMMC) compliance and ITIL best practices. The ideal candidate will be responsible for enhancing the security posture of our organization, ensuring compliance with CMMC requirements, and integrating ITIL methodologies into our IT service management processes.

Our IT Security Analyst will focus on achieving and maintaining security audit requirements as well as working within the IT and cross-functional teams to refine ITIL best practices within our IT service management processes. The position will also work collaboratively with user groups to optimize manufacturing processes by evaluating and integrating IT solutions. However, much of this role will be focused on the following areas:

· CMMC Compliance:

o Develop, implement, and manage policies and procedures to ensure compliance with CMMC standards.

o Conduct risk assessments and security audits to identify vulnerabilities and gaps in compliance.

o Collaborate with teams to implement necessary security controls and practices aligned with CMMC levels.

· IT Security Management:

o Monitor network security and respond to incidents to mitigate risks effectively.

o Implement and maintain security tools and technologies (e.g., firewalls, intrusion detection/prevention systems).

o Conduct regular security training and awareness programs for staff.

· ITIL Integration:

o Apply ITIL best practices to improve IT service management and security processes.

o Collaborate with service management teams to ensure security is integrated into the service lifecycle.

o Contribute to continual service improvement initiatives, focusing on enhancing security measures.

· Documentation and Reporting:

o Maintain comprehensive documentation of security policies, procedures, and compliance activities.

o Generate reports for management on security metrics, compliance status, and incident response efforts.

· Collaboration:

o Work with cross-functional teams to ensure security requirements are integrated into project planning and execution.

o Liaise with external auditors and assessors during compliance audits.

The IT Security Analyst will act as an IT security ambassador to cross-functional teams through comprehensive status reporting, developing risk assessments, and executing on project plans and priorities.


DUTIES, RESPONSIBILITIES, ESSENTIAL FUNCTIONS:

  • Monitor Security Events: Continuously monitor network traffic, security logs, and alerts from various tools (e.g., firewalls, SIEM systems) to detect suspicious activities.
  • Incident Detection: Identify and investigate potential security incidents, such as unauthorized access, malware infections, or data breaches.
  • Incident Response: Respond to security incidents in real time, containing the threat, mitigating damages, and ensuring proper recovery of systems.
  • Reporting Security Incidents: Document incidents thoroughly, including the nature of the attack, remediation steps taken, and any potential vulnerabilities exploited.
  • Conduct Security Assessments: Perform regular vulnerability scans and assessments to identify weaknesses in systems, networks, and applications.
  • Penetration Testing: Perform or oversee penetration testing to simulate attacks and uncover potential security gaps.
  • Evaluate Security Risks: Analyze the risk level associated with different vulnerabilities and provide recommendations for mitigating risks.
  • Develop and Update Risk Management Plans: Collaborate with management to ensure that risk management plans are in place and regularly updated based on new risks or vulnerabilities.
  • Develop Security Policies: Help develop and enforce security policies, standards, and best practices for the organization (e.g., password policies, data protection protocols).
  • Monitor Access Controls: Manage access control systems, ensuring that only authorized personnel can access sensitive data and systems.
  • Deploy and Maintain Security Tools: Configure and manage security tools such as firewalls, antivirus software, intrusion detection/prevention systems (IDS/IPS), and data loss prevention (DLP) tools.
  • SIEM Systems Management: Oversee Security Information and Event Management (SIEM) systems to correlate logs and generate alerts for potential threats.
  • Encryption and Data Protection: Implement encryption technologies to safeguard data, both at rest and in transit.
  • Conduct Security Audits: Perform regular audits of systems and networks to ensure compliance with security standards and identify any areas for improvement.
  • Ensure Regulatory Compliance: Work with legal and compliance teams to ensure that the organization adheres to applicable laws and regulations regarding data privacy and security.
  • Prepare for External Audits: Assist in preparing for external security audits and ensuring the organization's readiness for assessments by regulatory bodies.
  • Perform Digital Forensics: In the event of a breach, conduct digital forensics to understand the nature of the attack, how the breach occurred, and what data may have been compromised.
  • Post-Incident Reporting: Create detailed post-incident reports that outline the steps taken to resolve the incident, lessons learned, and recommendations for improving security posture.
  • Employee Training: Educate employees on security best practices, such as recognizing phishing attempts, maintaining strong passwords, and reporting suspicious activities.
  • Create Awareness Programs: Develop and deliver training programs to increase awareness of security threats and promote secure behaviors within the organization.
  • Work with IT and Engineering Teams: Collaborate with IT, software developers, and other departments to ensure secure development practices, system configurations, and network setups.
  • Incident Communication: Act as a liaison between technical teams and management, providing updates on security incidents and explaining technical concepts in a way that non-technical stakeholders can understand.
  • Security Patch Management: Ensure that software and systems are kept up to date with the latest security patches.
  • Improve Security Protocols: Continuously evaluate and enhance security protocols, tools, and procedures based on new threats and technologies.
  • Incident Management: Manage and oversee the resolution of IT incidents, ensuring that service disruptions are minimized and that services are restored as quickly as possible.
  • Problem Management: Identify and analyze the root cause of recurring incidents and prevent future occurrences through effective problem-solving techniques.
  • Change Management: Coordinate IT changes (software updates, system changes) to ensure that they are managed in a structured and controlled way, minimizing disruptions.
  • Request Fulfillment: Manage the lifecycle of service requests from users, ensuring they are processed in a timely and efficient manner.
  • Service Level Management (SLM): Define, monitor, and report on Service Level Agreements (SLAs) to ensure that IT services meet agreed-upon levels of quality and performance.
  • Performance Monitoring: Track and report on key performance indicators (KPIs) for IT services to ensure they meet business requirements and identify areas for improvement.
  • Continuous Improvement (CSI): Identify and recommend improvements to IT services, processes, and workflows based on performance data, user feedback, and industry best practices.
  • Process Improvement: Analyze and optimize IT processes to increase efficiency, reduce costs, and improve service delivery. This includes automating repetitive tasks and improving workflows.
  • Documentation: Ensure that all ITIL-related processes, procedures, and knowledge articles are well-documented and easily accessible for IT staff and stakeholders.
  • Process Standardization: Ensure that IT processes are standardized across the organization, promoting consistency and quality in service delivery.
  • Liaison Between IT and Business: Act as the bridge between IT and business units, translating business needs into IT service requirements and ensuring that IT services support business objectives.
  • Collaboration with Teams: Work closely with IT teams such as service desk, infrastructure, and application development to ensure seamless delivery of IT services.
  • User Training and Awareness: Train employees and other stakeholders on ITIL processes and the proper use of IT services, ensuring they understand how to request services and report issues.
  • Process Governance: Ensure that ITIL processes are being followed consistently and that process owners are held accountable for maintaining best practices.
  • Training and Mentoring: Provide training and mentorship to IT staff on ITIL principles, ensuring that the organization remains aligned with the ITIL framework.

Requirements

  

EDUCATION AND/OR PROFESSIONAL LICENSE(s):

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Relevant certifications (e.g., CISSP, CISM, CISA, Security+, CMMC certification) are highly desirable.
  • Proven experience in IT security, network security, and compliance, with a focus on CMMC and ITIL frameworks.
  • Strong understanding of risk management, security controls, and regulatory compliance.

EXPERIENCE: 

  • 3+ years in an IT network security or IT service management role focusing on certification and process optimization.
  • Demonstrated ability to successfully lead, develop, and maintain IT projects.
  • Relevant business/industry acumen with the ability to understand business priorities, operations, and IT enablement potential quickly and thoroughly.

KNOWLEDGE, SKILLS, AND ABILITIES:

To perform the job successfully, an individual should demonstrate the following competencies:

  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills to work effectively with technical and non-technical stakeholders.
  • Proficient in security tools and technologies, as well as ITIL processes and practices.
  • Ability to manage multiple projects and priorities in a fast-paced environment.
  • Network Security: Understanding firewalls, VPNs, and intrusion detection/prevention systems (IDS/IPS) to secure networks.
  • Incident Response: Ability to respond to and manage security breaches or other cyber incidents effectively.
  • Vulnerability Assessment & Penetration Testing: Skills in scanning and identifying vulnerabilities, performing penetration tests, and analyzing findings.
  • Malware Analysis: Detecting, analyzing, and mitigating malware threats.
  • Endpoint Security: Experience with endpoint protection tools and strategies (e.g., antivirus, EDR, XDR).
  • Identity and Access Management (IAM): Skills in managing user authentication and authorization, such as MFA, SSO, or Active Directory management.
  • Critical Thinking: Ability to evaluate risks and vulnerabilities, anticipate security issues, and plan mitigation strategies.
  • Attention to Detail: Ensuring that even minor potential security threats are identified and addressed.
  • Threat Intelligence: Ability to analyze and use threat intelligence to predict and mitigate future attacks.
  • Forensics Analysis: Skills to investigate and analyze cyber incidents after they occur.
  • Risk Management: Understanding how to conduct risk assessments, develop mitigation plans, and manage risk in alignment with the organization’s strategy.
  • Auditing: Knowledge of security auditing and logging procedures, and the ability to participate in or conduct internal security audits.
  • Adaptability: Being flexible in a rapidly evolving field, learning new security tools and techniques as necessary.
  • Project Management: Ability to manage or contribute to security projects, coordinating timelines, resources, and stakeholders.
  • Time Management: Prioritizing tasks, especially during times of crisis, like managing multiple security incidents.


PHYSICAL/MENTAL/COMMUNICATION REQUIREMENTS:

The employee is occasionally required to stand; walk; sit; use manual dexterity to handle or feel objects, tools, or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, crouch, or crawl; talk or hear; and taste or smell. The employee may lift and/or move up to 50 lbs. Specific vision abilities required by the job may include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus. The individual must have a high level of comprehension, and a high level of general, verbal, written, and numerical intelligence.


WORK ENVIRONMENT:

Works the majority of the day in a climate-controlled environment, except where otherwise specified, such as when performing work in the warehouse or manufacturing areas, which are subject to changes in temperature and/or noise.


TRAVEL:

Limited travel required   


 

LOCATION:

Gentex’s Carbondale facility is located in Northeastern Pennsylvania in Lackawanna County. Carbondale, PA is about twenty miles north of Scranton, PA, 50 miles south of Binghamton, NY, and about 125 miles from New York City and Philadelphia. The area hosts numerous nearby state parks, nature preserves and local colleges and universities, including The University of Scranton and Marywood University. Northeast Pennsylvania is a beautiful area and offers an excellent cost of living. It is a great place to work, meet people, raise a family and live!


At Gentex, we don’t just accept difference—we celebrate it, we support it, and we thrive on it for the benefit of our employees, our products and our community. Gentex Corporation is an Equal Opportunity Employer M/F/Protected Veterans/Individuals with Disabilities. All qualified applicants will receive consideration for employment without regard to their protected veteran status or on the basis of disability. Gentex is an E-Verify Participant. Pre-employment drug/alcohol/background screening is required. If you have a disability and would like to request an accommodation in order to apply for a position with Gentex, please call our Human Resources department at (570) 282-3550.

Perks/benefits: Career development Flex hours

Region: North America
Country: United States
