Senior Information Security Analyst Job Description
Senior information security analyst
provides subject matter expertise related to NIST CSF, NIST 800-53, ISO27001, PCI DSS, SOC 1, SOC 2, ITGC, and other information security control standards and assessment.
Senior Information Security Analyst Duties & Responsibilities
To write an effective senior information security analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included senior information security analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Proven experience interpreting log outputs from a wide selection of physical and virtual network/host devices, and application classes (HIDS, NIDS, Firewalls, Proxies, Routers, databases, Servers, Desktop Controls, Endpoint Protection, custom applications)
Demonstrated experience in implementing IDS, Host Side Intrusion Detection, Firewall configuration, email encryption and PHI filtering Anti-Spam / Virus and content filtering necessary
In-depth understanding of the NIST Special Publication (SP) 800 series, with a focus on the certification and accreditation-related SPs
Manage and tune Web application firewalls
Understanding of IT security in NIST SP 800
Integrate appropriate system and application related logs into a SIEM to monitor and alert on threats to the assets supporting enterprise
Design, test and develop specific information security content and alerting to identify and report on threats against assets
Create and implement incident response procedures for new threat content and alerts
Obtain and share cyber security intelligence with the IT team
Bachelor Degree and/or equivalent experience, with a technology or business emphasis on retail
Senior Information Security Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Senior Information Security Analyst
List any licenses or certifications required by the position: SANS, CISSP, CISA, SSL, CISM, PMP, ISACA, CRISC, GCIH, IIQ
Education for Senior Information Security Analyst
Typically a job would require a certain level of education.
Employers hiring for the senior information security analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Security, Business/Management, Education, Leadership, Computer, Accounting, Computer and Information Systems, English, Auditing
Skills for Senior Information Security Analyst
Desired skills for senior information security analyst include:
Instructional systems
Multiple operating platforms
Various software packages
PCI
HIPAA
Networks
Firewalls
NIST
Broad array of security solutions to address many complex control scenarios
Encryption
Desired experience for senior information security analyst includes:
Ability to lead a team of IA staff
Five (5) years experience in information security audit, information security risk management or information security
Solid understanding of Enterprise Risk Management and Strategy frameworks understanding of current enterprise threat scenario as related to financial industry
8+ years in technology, information security, and/or application development
Bachelor's Degree in Accounting, Finance, Business Administration, or related discipline OR equivalent work experience
Knowledge of exploit development, vulnerability research/reporting or writing system modules in C & C++, a major advantage and added bonus
Senior Information Security Analyst Examples
1
Senior Information Security Analyst Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of senior information security analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for senior information security analyst
- Present new and existing information security information to workforce and management
- Works with other functions (Legal, Compliance, ) to coordinate control requirements and control reporting
- Compiles management reports, summary analysis, and detailed presentations to describe risk, controls, and maturity assessments
- Manage and maintain a SIEM and Threat and Incident Response Program
- Contribute to and assist with developing business specific risk and compliance reporting
- Co-ordinate research initiatives on industry, technology and information security trends, approaches and tools
- Perform co-ordination and assist with demand management responsibilities of security consulting teams
- Other Information Security related tasks, as required
- Define and maintain Information Security aspects of GRC tool and process requirements, selection, and deployment
- Manage security incidents, investigations and reporting
Qualifications for senior information security analyst
- Knowledge of web application technologies and layer 7 protocols like HTTP, DHCP, DNS, FTP
- Familiarity with security tools & frameworks like Metasploit, Kali, Canvas is a plus
- Self-starter with strong written and oral communication skills
- Willingness to embrace repetitive tasks with enthusiasm and attention to detail
- Familiar with MS office products/VISIO
- Support ITS deliver teams with technology-specific security advisory for security events and as part of post security incident remediation activity
2
Senior Information Security Analyst Job Description
Job Description Example
Our innovative and growing company is hiring for a senior information security analyst. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for senior information security analyst
- Ensure security review and update frequencies are met
- Collaborate with the CGI Federal project team to manage security assessments
- Work directly with the security assessment vendor to plan and schedule assessment activities
- Perform vulnerability scans and analysis under is responsibility and ensure a timely remediation with the appropriate teams
- Function as the primary Information Security Risk representative on the Vendor Risk & Oversight team, performing both vendor and internal risk assessments and working with business units to improve current controls and continue to mature the assessment process and deliverables
- Lead efforts to improve upon and formalize the existing Information Security Risk Assessment and Exception process, delivering a standard, well-documented and referenceable process
- Assess emerging technologies for security controls and applicability into our existing portfolio
- Work with internal application, infrastructure, and architecture teams to assess the information security risk of existing technology, infrastructure and processes proposed projects
- Assist with information security risk aspects of internal audits
- Will be responsible monitoring, prioritizing, analyzing, and provide action plans to appropriate IT support team for Cyber Security alerts coming in from the Hitachi Vantara Cyber Security Operations Center during assigned shift hours
Qualifications for senior information security analyst
- Advanced knowledge of technology controls / security domain, disciplines and practices
- Understanding of Corporate Information Security Programs and the ability to apply them to our business unit
- Should have at least a technical bachelor's degree in related field and 3-5 years of experience in an NOC/SOC environment
- Significant knowledge of particular CND tools, tactics, techniques and procedures which support their analysis of event information
- Experience in performing event correlation using information gathered from a variety of sources within the network environment to gain situational awareness and determine the effectiveness of an observed attack
- Demonstrated understanding of platform security fundamentals (Hardware, Windows, and Linux)
3
Senior Information Security Analyst Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of senior information security analyst. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for senior information security analyst
- Moderate experience with skilled collaboration with business partners and executive leadership to ensure alignment of expectations for installation and maintenance of network components
- Moderate exposure to providing strategic reports for executive leadership, business stakeholders, and IT team
- Identify, analyze and remediate threats in our environment
- Identify gaps in existing security architecture and recommend improvements
- Implement tools and processes to improve our ability to detect and respond to threats
- Define and craft security policies, incident response plans and security playbooks
- Be part of an on-call rotation to analyze and resolve critical security issues and incidents
- Participate in learning reviews following security incidents and deliver technical reports
- Ability to detect and analyze information security threats, and be able to design robust security patterns for implementation
- Be able to design, deploy, enhance, automate and operationalize information security capabilities for the enterprise network
Qualifications for senior information security analyst
- CISM is highly desired
- Understanding of web application threats and penetration testing concepts
- Ability to conduct research, analysis and correlation across a wide variety of all source data sets
- Experience in Information security monitoring / system analysts is must
- Strong knowledge of security tools
- Strong Network fundamentals, active/passive components
4
Senior Information Security Analyst Job Description
Job Description Example
Our company is hiring for a senior information security analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for senior information security analyst
- Ensuring and monitoring compliance with the Company’s IT security policies, HIPAA Security Rule, and applicable laws and regulations, and
- Perform initial, changes to, and periodic asset security risk assessments
- Assess and report risk on customer facing applications supporting compliance with FFIEC Guidance for Authentication in an Internet Banking Environment
- Conduct internal and external site visits and external security program reviews as required
- Accurately report results of assessments and track status, follow-up, and process responses to remediation and security requirements
- Work with asset managers / owners to assure remediation plans are adequate and efficient
- Provide oversight and coordination of remediation efforts to address identified weaknesses
- Identify areas of non-compliance and make recommendations for achieving compliance
- Utilize Enterprise Governance, Risk and Compliance tools and frameworks to complete work
- Work with members of the Legal team to assist with Information Security contract language
Qualifications for senior information security analyst
- Ability to work both at times collaboratively and other times independently always focusing on outcomes and results
- MS in Computer Science or engineering strongly preferred
- 3+ years of experience with large / mid-size Enterprise Information Security
- 3+ years of experience with Enterprise-level Technology
- Knowledge and experience with of Mac OSX and *nix operating systems
- Understanding of server virtualization platforms
5
Senior Information Security Analyst Job Description
Job Description Example
Our innovative and growing company is searching for experienced candidates for the position of senior information security analyst. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for senior information security analyst
- Monitors onsite SIEM for vulnerabilities or anomalies in network and works with Network team to resolve issues
- Work with other teams to identify, resolve, and mitigate vulnerabilities in their systems
- Enhancing the Company’s information security program, and managing information security operations and maintenance activities, to maximize the security of our business information including electronic Protected Health Information (ePHI)
- Designs and implements emergency/incident response processes, log monitoring processes and analysis, and vulnerability scanning, remediation risk analysis, and oversight activities, working collaboratively with an interdisciplinary team of Corporate Privacy, Legal and Compliance
- Investigates and reports on security incidents
- Provide active continuous Security Threat Analysis for Antivirus, Malware and Ransomware attacks across multiple platforms
- Research security threats to the company’s environment
- Update rules and use cases to ensure proactive protection of our business partners IT environments
- Provide Incident Response for Security Related incidents
- Hands on configuration of security applications and appliances providing services such as IDS, Vulnerability Management and anomaly detection tools
Qualifications for senior information security analyst
- Identify, solution, and implement process improvements
- Consult with technical and business teams to suggest enhancements to the security and/or provisioning processes to ensure certifications are effective and efficient as possible
- 5-8 years' experience in a Security Operations Center preferred
- 5-8 years' experience with Information Security Governance and Risk Management for identification
- Of an organization's information assets and the development, documentation and implementation of policies, standards, procedures and guidelines
- 5-8 years' experience with Security governance and policy, Information classification/ownership, contractual agreements and procurement processes, risk management concepts, personnel security, security education