Information Security Analyst

NJM - Trenton, United States

NJM Insurance Group

NJM Insurance Group provides auto, homeowners, renters, and business insurance. No Jingles or Mascots, just great insurance.


The Information Security Analyst will be responsible for supporting and maturing the information security program. The candidate will work with IT staff to implement technologies, support the secure development of applications and assist with internal and external compliance needs. This position requires technical knowledge across a vast array of system, network and infrastructure devices, including cloud. Your ability to provide sound advice and guidance will prove instrumental as you grow within the organization.

Job Requirements:

  • Perform day to day monitoring of cybersecurity events, including reviewing, analyzing and interpreting reports from various systems to identify anomalies, trends, or threats.
  • Implement technical systems and monitor them for unusual and suspicious activity across a wide range of products.
  • Actively hunt for exposures and identify incidents warranting action to disrupt and remediate threats.
  • Participate in security incident responses relevant to the business (or enterprise-wide), representing your respective position to the business while conveying its needs to the incident response team.
  • Work with the team to scan, assess and identify vulnerabilities that have actual risk while ensuring the integrity of the environment.
  • Analyze vulnerability and compliance scan results to assess the degree of protective measures required to be implemented, and work with system owners to ensure vulnerabilities are remediated and system configurations meet NJM’s hardening standards.
  • Ensure that security programs and policies are in compliance to minimize or eliminate risk and audit findings.
  • Maintain company policy as well as the documentation of revisions to policy and procedure.
  • Collaborate with Information Technology teams on a routine basis for the purposes of reviewing and providing security risk-based recommendations related to vulnerability reporting.
  • Maintain awareness of existing and proposed industry practices or standards, security trends and issues, and advise the organization on security issues affecting the company in a timely and effective manner.
  • Support cloud security technologies and protocols, including cloud security architecture, identity and access management, and data protection.
  • Experience with vulnerability management, assessment, and remediation.
  • Familiarity with threat hunting, adversarial TTPs, and attack frameworks (MITRE ATT&CK, etc.).
  • Conduct offensive security testing, including penetration testing, vulnerability assessments, and adversary emulation.
  • Hands-on experience in offensive security disciplines (e.g., penetration testing, red teaming, web app testing, source code analysis).

Required Education and Experience:

  • 5+ years of relevant experience.
  • Information Security Certification / Accreditation an asset (CISSP, CISA, CISM, CEH, etc.).
  • Knowledge of cyber security risk management concepts, cyber security frameworks, secure coding principles, and security technologies (e.g., SOC 2, CIS, NIST 800 series, ISO 27001).
  • Knowledge of security standards (common STIG, CIS, and third-party security baselines).
  • Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
  • General networking understanding and/or experience to include understanding of TCP/IP communications, knowledge of how common protocols and applications work at the network level, including DNS, HTTP.
  • Experience with multiple compliance and regulatory requirements outlined by NIST, ISO, and other government agencies.
  • Project management experience a plus.

The salary range for this role is $102,000 - $128,000. Compensation is commensurate with experience and credentials.

Team members receive a competitive Total Rewards package, including but not limited to a 401(k) with employer match up to 8% and additional service-based contributions, Health, Dental, and Vision insurance, Life and Disability coverage, generous PTO, Paid Sick Leave, and paid parental leave in addition to state-mandated leave. Employees may also be eligible for discretionary bonuses. 

Legal Disclaimer: NJM is proud to be an equal opportunity employer. We are committed to attracting, retaining and promoting a diverse and inclusive workforce that is fully representative of the diversity that exists in the communities in which we do business.

Category: Analyst Jobs

Tags: CEH CISA CISM CISSP Cloud Code analysis Compliance DNS IAM Incident response ISO 27001 MITRE ATT&CK Monitoring NIST Offensive security Pentesting Red team Risk management SOC SOC 2 TCP/IP TTPs Vulnerabilities Vulnerability management

Perks/benefits: 401(k) matching Competitive pay Health care Insurance Parental leave Team events

Region: North America
Country: United States
