Shenandoah Telecommunications - Edinburg, VA

posted 12 days ago

Full-time - Mid Level
Edinburg, VA
Telecommunications

About the position

The Analyst Info Security Sr role at Shenandoah Telecommunications Company (Shentel) is focused on reducing the impact of information security incidents and system compromises. This position involves leading advanced security monitoring, incident investigation, and analysis, as well as coordinating security assessments and managing security-related processes. The role also includes mentoring junior security resources and ensuring compliance with local, state, and federal regulations regarding security and data privacy.

Responsibilities

  • Lead security incident investigations and reporting according to the Incident Response Plan (IRP).
  • Coordinate industry best practice security and data privacy assessments for all third-party vendors, contractors, consultants, auditors, applications (both on-premises and cloud) as well as system-to-system connections on our internal and customer-facing networks.
  • Perform network and application penetration tests, vulnerability assessment scans, and patch management / vulnerability remediation strategy planning.
  • Monitor and advise on information security and data privacy issues related to the systems and their related data flows while ensuring internal security controls are appropriate and operating as intended. Coordinate execution of approved mitigation plans.
  • Conduct security and data privacy research to keep abreast of the latest information security and data privacy events, issues, and trends.
  • Lead the assistance and support of user and security posture awareness for IT teams as well as key information security partners for our customer facing servers, networks, and applications.
  • Act as the security investigative lead on any breach analysis activities to help discover root cause.
  • Contribute to disaster and business continuity recovery planning as well as play a role in the execution should an event occur.
  • Analyze and provide security model planning input for cloud (SaaS) access and monitoring, including protection recommendations associated with IT architecture for cloud and hybridized computing. Help to coordinate execution of that model and strategy.
  • Lead on support for compliance activities for SOX, PCI, CPNI, and data privacy regulations around PII, PHI, and financial data.
  • Actively participate in red team / blue team engagements led by more senior team members or by select management-approved security partners.
  • Participate in threat modeling activities with more senior team members or with select management-approved security partners.
  • Serve in a primary role supporting IT Security program initiatives and security tool implementations.
  • Provide regular business intelligence via technical reports and meaningful metrics to management and to C-suite level audiences as required through tooling over time.
  • Conduct quality assurance reviews of investigations and analysts' adherence to process as well as procedures.
  • Develop industry best practice and modern security report templates, processes, and playbooks for other security team members and operational functions to execute on.

Requirements

  • Four Year Degree in Computer Science, Networking Administration, or Cyber Security is required.
  • 7-10 years of Information Security, Data Analytics or Security Operations experience is required.
  • 5-7 years of Splunk or SIEM experience is required.
  • 3-5 years of Security Analyst or Security Generalist experience is required.
  • Seasoned experience in application, server, and network security is required.
  • Experience in the event log monitoring of computer systems and SIEM enterprise security capability is required.
  • Experience with and deep understanding of industry standard security frameworks (e.g., NIST, CIS, OWASP, MITRE ATT&CK) and PII, PHI, CPNI, and PCI data handling requirements is required.
  • Experience with SOX obligations and requirements is required.
  • Experience in information security or data privacy investigative work is required.
  • Experience with mobile device management (MDM) is required.

Nice-to-haves

  • Experience as a lead technical security resource on several small to mid-sized security initiatives is preferred.