Info Security Analyst Job Description
Info Security Analyst Duties & Responsibilities
To write an effective info security analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included info security analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Info Security Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Info Security Analyst
List any licenses or certifications required by the position: CISSP, CISA, CRISC, CISM, PMP, II, ITIL, SP, CND, IAT
Education for Info Security Analyst
Typically a job would require a certain level of education.
Employers hiring for the info security analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Technical, Education, Information Security, Information Technology, Information Systems, Technology, Engineering, Business, Management Information Systems
Skills for Info Security Analyst
Desired skills for info security analyst include:
Desired experience for info security analyst includes:
Info Security Analyst Examples
Info Security Analyst Job Description
- Participate activities in Access Management to provide access management business requirements and insure compliance with industry and company security standards
- Complete access request processing as per pre-defined sets of procedure and within agreed Service Level Agreements (SLA), resolve problem tickets
- Document access management procedures for assigned applications and/or platforms
- Be proactive to identify audit and compliance access related issues to reduce the risk of security exposures on the support systems and applications operational efficiency and works with various teams to implement the improvement
- Document access management procedures for assigned applications
- The optimal candidate will be expected to Lead investigations of cyber attacks
- Leverage tactical and technical capabilities to eradicate threats
- Collaborate with business partners across tech and business unit to drive detective controls
- Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs in order to identify misuse, malware, or unauthorized activity on monitored networks
- Monitors and investigates DLP and endpoint events
- 3+ Years of experience within an operational Insider Threat Program
- BS in Computer Science, Business Administration or equivalent
- CISA, CISSP or equivalent certifications
- 5 to 10 years of experience in Information Security, with a focus on security monitoring using SEIM, IDS/IPS, full packet capture solutions, malware analysis tools, endpoint security tools
- Minimum 5 years of Security industry experience
- Minimum 2 years’ experience in the financial services industry, in a role specific torisk management, audit or information security REQUIRED
Info Security Analyst Job Description
- Assist with the development, testing and implementation of new cyber-security processes and procedures
- Proactively identify audit and compliance access related issues to reduce the risk of security exposures on the support systems and applications
- Receive, create, and disseminate threat intelligence from manual and automatic sources (internal and external)
- Ensures all implemented patches
- Operates HBSS on all assets in accordance with approved operating procedures
- Acting as a subject matter expert on the security requirements of the GSO Policies and Standards
- Perform risk analysis for issues identified in vulnerability and penetration testing results
- Participate in processes to update and improve GSO Policies and Standards as a contributor
- Provide guidance on the needed remediation for issues identified in the vulnerability and penetration testing results, including the ability to evaluate false positives and verify that proposed solutions mitigate identified risks
- Cleary communicate security requirements, objectives, and risks to audiences across the business with varying technical and security experience levels
- Proficiency with Microsoft Office (MS Excel, MS PowerPoint)
- Good working knowledge of the UNIX/Linux/Windows systems and security administration, Roles Based Access Controls, Privileged access management tools
- Knowledge in building automated solutions using various scripting languages (VBA, vbscript, Perl and Shell script)
- Candidate must have proficiency with Microsoft Office (MS Excel, MS PowerPoint, ) and excellent verbal and written communication skills enabling candidate to prepare and present to all areas of the business, including senior management
- Understand IT DB Access Management standards and lifecycle
- Understand the "how" and "why" around the existing processes and procedures
Info Security Analyst Job Description
- Assist with the implementation and monitoring of complex security projects in support of company business units while upholding and complying with established corporate policies and procedures
- Perform day-to-day SIEM (security information event monitoring), correlation and investigation of security events
- Review Vulnerability Assessment reports of all company devices
- Provide the first line of response to an incident using a predefined process and methodology
- Develop the processes and methodology for Incident Handling in conjunction with the other Information Security Groups, provide training and yearly exercises for incident response
- Work with other groups to ensure base security metrics are being met
- Process abuse inbox emails (spam, phishing)
- Aid in maturing an Enterprise-impacting security awareness program including internal customer surveys, scope refinement, business case documentation, program key control objectives, stakeholder communications, and metrics
- Lead cross-functional/cross-organizational projects and/or pilots to support security awareness program initiatives
- Establish and maintain internal relationships third parties as necessary to support the security awareness program
- Knowledge and skill in incident management, response, analysis, and reporting
- Ability to conduct Information Systems vulnerability assessment, risk mitigation, and Plan of Action and Milestone (POA&M) development and tracking
- Network/data center operations
- Currently holding a DOE Q-level or Top Secret security clearance
- Currently holding Security+
- Working knowledge of networking technology and protocols
Info Security Analyst Job Description
- Develop, document and implement initiatives to measure program risk assessment awareness, adoption, and improvement
- Work alongside a world-class credible and high performance security team comprised of
- Analyze collected information to identify critical risks (findings)
- Partner with vendors and business teams to develop and track remediation plans
- Conduct on-site assessments of domestic or international vendor facilities as directed
- Collaborates with IT team to implement technical controls and projects to ensure security issues are addressed
- Work with leadership to develop strategies and plans to enforce security requirements and reduce identified risks
- Assists in the coordination and completion of information security operations
- Responsible for daily monitoring and deployment of Security Information
- Collaborates and coordinates with technology and business leads on the investigation and resolution of reported vulnerabilities and standards non-compliance
- Minimum 2-3 years of experience with IT policies, standards and/or procedures and working knowledge of industry-recognized information security-related standards such as ISO2700x, COBIT, PCI-DSS, NIST, REQUIRED
- The engineer will have significant knowledge of Big Data technologies and tools with the ability to share ideas among a collaborative team
- Basic knowledge of IT controls such as CIP (NIST, SAS70, SOX, HIPPA, ), preferred
- Hands-on experience in troubleshooting network devices
- Ability to effectively communicate and translate highly technical information in a professional manner at all levels
- Ability to follow Standard Operation Procedures accurately and efficiently
Info Security Analyst Job Description
- Coordinates scanning policies and schedules with business and operations teams
- Responsible for analyzing the results of audits related to control weaknesses, to produce recommendations on whether risk should be accepted, or remediated prior to placing systems/applications into the production environment
- Works within vulnerability management team to ensure vulnerabilities are properly tracked, reported, and closed
- Develops remediation reports, out briefs, and scorecards addressing risk, vulnerability, and organizational processes
- Clearly advises stakeholders and technical teams on vulnerabilities, criticality, impacts, and remediation to meet information security standards
- Applies excellent project management skills to ensure organizational vulnerabilities are documented, tracked, and addressed
- Interacts with existing Governance Risk and Compliance (GRC) team to collect metrics and deliver risk acceptance issues
- Conducts data analysis on information security compliance / risk trends and significant variances for senior
- Perform penetration testing of existing and new solutions
- Develop/Implement continuous monitoring plan across multiple security domains (familiar with tools used in compliance and vulnerability assessments)
- 1 - 3 years of experience in a large IT enterprise or Government environment
- Perform shift work in 24/7/365 environment
- Ability to obtain and maintain a DOE Q-level clearance
- Obtain Security+ within 6 months and/or maintain active Security+ certification status
- Assured Compliance Assessment Solution (ACAS) experience a plus
- Experience with penetration testing or vulnerability management preferred