Skip to content

Corporate IT Security Analyst

Alternate Locations:

PA - Philadelphia

Apply now Share Share Corp Security Analyst with Facebook Share Corp Security Analyst with LinkedIn Share Corp Security Analyst with Twitter Share Corp Security Analyst with a friend via e-mail

General Description:
The Information Security Analyst's daily duties include operational support of the Security Event and Information System and various other security services. The analyst will automate delivery of the weekly, monthly and quarterly information security management reports. They will also deliver entitlement reviews and certifications for shared folders and applications on an annual basis. The Information Security Analyst will also have the opportunity to manage a phased-release approach to product development and testing; implements, manages vulnerability scanning tools for configuration management and change control. 

Responsibilities:

  • Continuously monitor levels of security services (i.e., firewall, IPS, IDS, etc.) by daily review and analysis of collected security log information from the Security Event and Information System.
    • Conduct investigations, suggest corrective actions to the appropriate IT groups, for action, based on
    • Weekly review, identification and reporting of health and operational status of the various security services:
      • A/V;
      • DLP;
      • Spam/Email appliances
      • Intrusion Prevention System (IPS);
      • Intrusion Detection System (IDS);
      • Firewalls; and
      • Other Security products, as necessary.
      • Weekly review of Vulnerability scans.
        • Conduct investigations, suggest corrective actions to the appropriate IT groups, for action, based on data analyses.
        • Perform security vulnerability scanning service/control-based process assessments (e.g., Change Management, Release Management, etc.), to include, evaluation of supporting documentation, evidence and alternative controls.
        • Monthly review and follow up on Monthly Active Directory Re-certification processes.
        • Annual review and follow up on Third Party Assessments.
        • Annual audit and review on Shared folder re-certifications.
        • Annual audit and re-certification of SOX related applications.
        • Acquisition of Audit data when requested by auditors.
        • Participate in annual BCP/DR testing.
        • Participate in annual Security Risk Assessments. 

Knowledge, Skills and Abilities: 

Bachelor's Degree in Management Information Systems, Network Security, Computer Science or related.

 

Security Certifications Preferred: CompTIA: Security+, Network+; GSEC: GIAC Security Essentials, GISG: GIAC Information Security Fundamentals; ISC2: CISSP, SSCP

Familiar with governance and compliance concepts, practices and procedures, which includes but is not limited to HIPAA, PCI-DSS, ISO, NIST, SOX and COBIT

Skills:

  • Reading Comprehension - Understanding written sentences and paragraphs in work related documents.
  • Critical Thinking - Using logic and reasoning with attention to details, to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
  • Complex Problem Solving - Identifying complex problems and reviewing related information to develop and evaluate options and implement solutions.
  • Speaking - Talking to others to convey information effectively.
  • Writing - Communicating effectively in writing as appropriate for the needs of the audience.
  • Judgment and Decision Making - Considering the relative costs and benefits of potential actions to choose the most appropriate one.
  • Time Management - Managing one's own time and the time of others in a deadline driven environment.
  • Service Orientation - Actively looking for ways to help people.

Experience:

  • 2+ years' experience as an analyst in Information Security in a corporate IT department/NOC/SOC
  • Previous experience monitoring, analyzing, and escalating, Security incidents from multiple sources.
  • Ability to effectively communicate in a technical team environment.
  • 2+ years of experience with security products, such as SEIM, IPS, IDS.
  • Previous experience developing reports to IT leadership.

Job ID:

20952

Interested in hearing about other USI Career Opportunities?

Join Our Talent Network
EEO is The Law - click here for more information
Notice to 3rd Party Recruiters

Notice to Recruiters and Agencies regarding unsolicited resumes or candidate submissions without prior express written approval.
Resumes submitted or candidates referred to USI Insurance Services by any external recruiter or recruitment agency by any means (including but not limited to via Internet, e-mail, fax, U.S. mail and/or verbal communications) without a properly executed written contract for a specified position by an authorized member of the Talent Acquisition team become the property of USI Insurance Services. The Company will not be responsible for, or owe any fees associated with, referrals of those candidates and/or for submission of any information, including resumes, associated with individuals.

We endeavor to make this site accessible to any and all users. If you would like to contact us, please email recruiting@usi.com