Information Security Analyst

August 20

🏡 Remote – New York

Bixal

Improving people's lives through human-centered strategies and transformative technologies. #ThisIsBixal

Digital Marketing and Outreach • Social Media Strategy • Web Design & Development • Design - Creative and Interactive • Online Training Design & Development

201 - 500

Description

• Conducts security control tests of design and operational effectiveness.
• Manages remediation tasks to completion on tight deadlines.
• Leads analysis and remediation of findings discovered during scheduled internal and third-party vulnerability scans and penetration tests.
• Participates in technical and non-technical projects requiring information security oversight to ensure policies, procedures and standards are met.
• Handles special projects and initiatives as assigned.
• Provides relevant analysis, suggests mitigations, tracks remediation, manages scheduled scans, identifies gaps, expands scan coverage, and escalates as appropriate.
• Recommends new security solutions as well as effective improvements to existing security controls that do not negatively impact business innovations.
• Conducts cyber security risk assessments and serves as a liaison for the security team.
• Assists in incident response (IR) with security operations center (SOC) and/or IT teams.
• Creates security operation controls, playbooks, procedures, and guidelines.
• Participates in planning sessions to ensure security and compliance requirements are met.
• Stays current on best practices, current trends, and pertinent changes in internal/external threats and opportunities in a timely and anticipatory manner. Advises management on key findings.
• Performs all other duties and special projects as assigned.

Requirements

• Bachelor’s degree in Computer Science, Information Security, or equivalent work experience.
• At least 3 years of relevant experience within information security and technology.
• Professional security certifications (CySA+, Security+, CISSP, CCSP, CISM, CISA, AWS Certified Security Specialty) or willingness to obtain certification.
• Working knowledge of AWS Security tools, their functionality and purpose.
• Strong working knowledge of cloud security concepts and services such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
• Strong familiarity with fundamental and operational concepts in information security, including network security, encryption, authentication, and incident response.
• Experience with common security technologies and tools, such as firewalls, intrusion detection/prevention systems, SIEM platforms, and endpoint security solutions.
• Demonstrated use of security frameworks and standards such as NIST SP 800-53, CIS Critical Security Controls, OWASP, MITRE ATT&CK, and ISO27001.
• Strong experience assessing and providing recommendations on the following: Privacy Impact Assessment, Risk Assessment, System Security Plan, Disaster Recovery / Contingency Plan, and Incident Response Plan.
• Provide Plan of Action and Milestones (POA&M) support to ensure mitigations are completed or the teams are working to mitigate all vulnerabilities in a timely fashion and within customer policy timelines.
• Experience with Government Agency Security Assessment Process in support of maintaining and/or establishing an ATO and the appropriate security boundary.
• Strong knowledge of the Systems Development Life Cycle (SDLC) and its application in the development of technology solutions.
