Information Security Analyst

Job Summary:  

The Information Security Analyst is responsible for Develops and executes security controls, defenses, and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce, and web-based systems. Administers cybersecurity policies to control physical and virtual access to systems. Performs network security audits and testing and evaluates system security configurations to ensure efficacy and compliance with policies and procedures. Conducts penetration testing and vulnerability assessments of applications, operating systems and/or networks. Responds to cybersecurity breaches, identifies intrusions, and isolates, blocks, and removes unauthorized access. Researches and evaluates cybersecurity threats and performs root cause analysis. Assists in the creation and implementation of security solutions. Provides information to management regarding impact on the business caused by theft, destruction, alteration, or denial of access to information and systems. 

Responsibilities: 

• Analyze threats to existing processes/systems and stay updated on evolving threats and vulnerabilities. 

• Respond to indications of attack or compromise, ensuring timely resolution. 

• Demonstrate a working knowledge of security tools and identify automation opportunities. 

• Evaluate risks using established frameworks and methodologies. 

• Address distributed system debugging and incident response tasks. 

• Undertake reverse engineering tasks to understand and analyze software components. 

• Demonstrate professional application of information security, compliance, assurance, and other security practices. 

• Proactively address and resolve security-related issues. 

• Identify and implement opportunities to enhance security systems and protocols. 

• Develop and maintain documentation for best practices, system configurations, and troubleshooting guidelines. 

• Lead and coordinate security projects, ensuring timely completion. 

• Provide support to team members, fostering a collaborative environment. 

• Contribute to the definition and evolution of security best practices within the organization. 

• Conduct or facilitate security awareness training sessions for employees. 

• Regularly conduct vulnerability assessments and recommend mitigation strategies. 

• Monitor and review security patches, ensuring their timely application. 

• Assist in the development, review, and update of organizational security policies and procedures. 

• Document and report security breaches and incidents. 

• Collaborate with IT departments to integrate security measures into projects and systems. 

• Configure and tune security tools for improved capabilities. 

• Ensure alignment with industry regulations and standards, such as GDPR, HIPAA, or PCI-DSS. 

• Liaise with external threat intelligence communities and vendors to stay informed about the latest cyber threats. 

• Assist in digital forensics investigations during security incidents. 

• Evaluate third-party vendors' security postures and recommend security requirements for contracts. 

Required Skills:    

• Understanding of common Information Security concepts, practices, and procedures. 

• Understanding of vulnerability analysis, penetration testing, encryption technologies, intrusion detection, incident response. 

• Ability to prioritize work. 

• Understands how security projects contribute to business goals. 

• Strong computer skills, including proficiency in Microsoft Office.  

• Excellent attention to detail and strong documentation skills.  

• Outstanding verbal and written communication skills.  

• Strong organizational and interpersonal skills. 

• Exceptional problem-solving abilities. 

Education & Experience:  

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related area of study. 

• 4+ years of relevant experience. 

• Industry certifications in cyber security incident management preferred. 

• Experience in at least one programming language. 

• Experience in analyzing network logs. 

• Experience in Network Security or Application Security. 

• Experience with security tools such as EDR, SIEM, EUBA, SOAR.