Lower Fairfield County, CT
IT Security Analyst
The Security Analyst is a member of the Global IT Security Compliance team and serves in a hands-on support role for the corporate information security program. This includes defining and supporting security policies, processes, tools and standards. The Security Analyst works to meet specific security requirements, and defines and executes processes and standards to ensure that a high level of security is maintained.
The Security Analyst role requires a high level of technical expertise. The analyst is responsible for the day-to-day review and administration of information security reports, logs, and tools; provides first-level and/or second-level support for security information and event management (SIEM) across the enterprise; and participates in the audit support function as required.
· Analyzes reports, firewall logs, security logs, and network behavioral analysis traffic reports for unusual or suspicious events and initiates proactive measures to address suspicious activity or to identify and classify unusual activity.
· Review designated technology platforms, including operating systems, applications and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines.
· Participates in penetration tests, threat and vulnerability assessments, and as required, facilitates remedial action to ensure that systems are protected from known and potential threats and to log as exceptions vulnerabilities that can’t be addressed within a reasonable timeframe.
· Identifies security issues, vulnerabilities and industry best practices and provides input and/or direction to contain, remove or otherwise mitigate known control weaknesses, such as unnecessary services or applications or redundant user accounts, as a means of hardening systems in accordance with security policies and standards.
· Collects and organizes security incident and event data to produce monthly exception and management reports. Report unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes.
· Locate and facilitate the repair of security problems and failures.
· Develop and maintain documentation for security systems, processes and procedures and support service-level agreements (SLAs) to ensure that security controls are maintained. Maintain security diagrams.
· Review and monitor Identity and Access Management internal control systems to ensure that appropriate information access levels and security clearances are maintained.
· Facilitates and/or participates in Incident Detection and Response and provides first- and second-level support, directing required remediation measures in the event of a security breach or security incident. Collects information and provides a situation analysis during and after a security incident. Directs required remediation measures and proactive control responses to minimize the likelihood of a similar event in the future.
· Participates in various audits within IT and the business as necessary. Provides response(s) to audit reports and remediation plans with owners. Assists in the updates of Sarbanes Oxley (SOX) control narratives as required.
· Minimum of 2-4 years IT, Information or Network Security experience.
· Bachelor's degree in Information Systems or equivalent work experience.
· Certifications such as CompTIA Security+, Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) are highly desired.
· Willingness to travel as necessary to attend seminars, technical courses or site visits (less than 10%).
· Ability to provide on-call services after normal business hours as required.
Technical Competency
· Knowledge and understanding of information security risk concepts, principles, and means of relating business needs to security controls.
· Knowledge of, and experience in developing and documenting security architecture diagrams and documentation.
· Knowledge of, or experience with information security management frameworks, such as International Organization for Standardization (ISO) 27001, ITIL, COBIT and National Institute of Standards and Technology (NIST) frameworks.
· Knowledge of risk assessment methods and technologies.
· Knowledge of performing risk, business impact, control and vulnerability assessments.
· Knowledge of mainstream operating systems and security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
· Ability to develop documentation and maintain security policies, processes, procedures and standards.
· Knowledge of networking infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
· Audit, compliance or governance knowledge.
· Strong, detailed analytical/critical thinking skills to analyze security requirements and relate them to appropriate security controls.
· Strong written and verbal communication skills.
· Strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships.
203-702-4457
Bill @ yourcurrentjob.com