Cloud Security Analyst

General Description:
The Information Security Analyst's daily duties include operational support of the Security Event and Information System and various other security services. The analyst will automate delivery of the weekly, monthly and quarterly information security management reports. They will also deliver entitlement reviews and certifications for shared folders and applications on an annual basis. The Information Security Analyst will also have the opportunity to manage a phased-release approach to product development and testing; implements, manages vulnerability scanning tools for configuration management and change control. 

Responsibilities:

• Continuously monitor levels of security services (i.e., firewall, IPS, IDS, etc.) by daily review and analysis of collected security log information from the Security Event and Information System.
  • Conduct investigations, suggest corrective actions to the appropriate IT groups, for action, based on
  • Weekly review, identification and reporting of health and operational status of the various security services:
    • A/V;
    • DLP;
    • Spam/Email appliances
    • Intrusion Prevention System (IPS);
    • Intrusion Detection System (IDS);
    • Firewalls; and
    • Other Security products, as necessary.
    • Weekly review of Vulnerability scans.
      • Conduct investigations, suggest corrective actions to the appropriate IT groups, for action, based on data analyses.
      • Perform security vulnerability scanning service/control-based process assessments (e.g., Change Management, Release Management, etc.), to include, evaluation of supporting documentation, evidence and alternative controls.
      • Monthly review and follow up on Monthly Active Directory Re-certification processes.
      • Annual review and follow up on Third Party Assessments.
      • Annual audit and review on Shared folder re-certifications.
      • Annual audit and re-certification of SOX related applications.
      • Acquisition of Audit data when requested by auditors.
      • Participate in annual BCP/DR testing.
      • Participate in annual Security Risk Assessments. 

Knowledge, Skills and Abilities: 

Bachelor's Degree in Management Information Systems, Network Security, Computer Science or related.

Security Certifications Preferred: CompTIA: Security+, Network+; GSEC: GIAC Security Essentials, GISG: GIAC Information Security Fundamentals; ISC2: CISSP, SSCP

Familiar with governance and compliance concepts, practices and procedures, which includes but is not limited to HIPAA, PCI-DSS, ISO, NIST, SOX and COBIT

Skills:

• Reading Comprehension - Understanding written sentences and paragraphs in work related documents.
• Critical Thinking - Using logic and reasoning with attention to details, to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
• Complex Problem Solving - Identifying complex problems and reviewing related information to develop and evaluate options and implement solutions.
• Speaking - Talking to others to convey information effectively.
• Writing - Communicating effectively in writing as appropriate for the needs of the audience.
• Judgment and Decision Making - Considering the relative costs and benefits of potential actions to choose the most appropriate one.
• Time Management - Managing one's own time and the time of others in a deadline driven environment.
• Service Orientation - Actively looking for ways to help people.

Experience:

• 2+ years' experience as an analyst in Information Security in a corporate IT department/NOC/SOC
• Previous experience monitoring, analyzing, and escalating, Security incidents from multiple sources.
• Ability to effectively communicate in a technical team environment.
• 2+ years of experience with security products, such as SEIM, IPS, IDS.
• Previous experience developing reports to IT leadership.