Lead IT Security Analyst

Pune, Maharashtra, India

Job Summary: 

The Lead Security Operations Center (SOC) Analyst will analyze dashboards, systems, and reports to mitigate risk, triage security incidents, and implement fixes to improve ACI’s endpoint security posture. This individual will be expected to participate in the creation and maintenance of policies, standards, and procedures related to endpoint security event response, and will be required to perform administrative activities related to security incident response as assigned. This individual will need to ensure that the approach to security-related incidents is aligned with ACI's overarching security goals, as established by policies, procedures, guidelines, and standards, and will work to achieve those goals. The analyst conducts tasks and assignments as directed by the Director of Production Systems. The Lead SOC Analyst is responsible for on-time, on-budget, high-quality delivery of all projects and duties assigned. incident detection, identification, management, response, resolution, and reporting.

  • Conducts forensic investigations on compromised systems to identify the root cause of security incidents and remediation actions that need to be taken.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable swift remediation.
  • Making recommendations that improve ACI’s endpoint security posture.
  • Overall responsibility for Security Operations to handle threat detection and response.
  • Conducts internal and external investigations and responds to internal and external security threats.
  • Contribute to policy development and prepare briefings to explain security programs and requirements to senior executives.
  • Providing expert technical advice, guidance, and recommendations to management and other technical specialists on critical information technology security issues.
  • Assessing risk factors and advising on vulnerability to attack from a variety of sources, and on procedures for the protection of systems and applications.
  • Proposing and implementing security measures that align with FFIEC, IRS, PCI, HIPAA, and other Federal regulations and guidance.
  • Interpreting internal policy and implementation, and documentation of those requirements.
  • Develop System Security Plans, Security Assessment Reports, Continuous Monitoring Plans, and Plans of Action & Milestones.
  • Ensure coordination and collaboration on security activities.
  • Effectively communicate both orally and in writing with management and other technical specialists.
  • Proposes and helps review security plans and policies to improve the security environment.
  • Maintains metrics, operational playbooks, process diagrams, and documentation for security monitoring and response.
  • Obtains information and stays up to date on the latest threats and security trends in a fast and efficient way to keep the enterprise environment protected.
  • Plan, organize, and manage tasks on time with minimal supervision.
  • Oversees, responds to, and remediates all escalated SIEM events from on-premise and cloud systems.
  • Other duties may be assigned as needed to address new security threats facing the enterprise environment.
  • Provides off-hour support as needed for security monitoring and response activities.
  • Understand and adhere to all corporate policies, including but not limited to the ACI Code of Business Conduct and Ethics.

 

Knowledge, Skills, and Experience required for the job:
 

  • A bachelor’s degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications or training, or equivalent work experience, is required.
  • 7+ years’ experience in Information Security.
  • Must have experience in incident response and management.
  • Demonstrated experience with Windows and non-Windows server configuration, administration, and monitoring.
  • Experience supporting large enterprise IT environments.
  • Experience creating, modifying, and following standard procedural documents.
  • Excellent written and verbal communication skills.
  • Ability to multitask in a dynamic environment.
  • Analytical thought process.


Preferred Knowledge, Skills, and Experience needed for the job:
 

  • Project management.
  • Knowledge of the Jira ticketing platform.
  • Working experience with Information Security, Network Security, Insider threat, Security Monitoring, Incident Response, and Vulnerability Management.
  • Working experience with industry-standard security technologies and services: Firewalls, VPN, IDS, Endpoint Security, AV, Proxy, and SIEM.
  • Strong experience with SIEM event/log analysis and correlation.
  • CISSP or equivalent.
  • Ethical Hacking Certification (a plus)

 

Work Environment:
 

  • Standard work environment.
  • The majority of time is spent sitting and on a PC (Phys. Req.).
  • Weekend and off-hours support may be required periodically.

Tags: CISSP Cloud Computer Science Endpoint security Ethical hacking FFIEC Firewalls HIPAA IDS Incident response Jira Log analysis Monitoring Network security Security assessment Security Assessment Report SIEM SOC System Security Plan Threat detection VPN Vulnerabilities Vulnerability management Windows

Perks/benefits: Career development

Region: Asia/Pacific
Country: India
