Information Security Analyst

About the position

The Information Security Analyst will be required to respond to alerts that come in afterhours including nights, weekends, and holidays, as required. The Information Security Analysts' focus is to promptly respond to security alerts, contain and recover from any related threats. This role continually analyzes data from security tools, vulnerability assessments, penetration tests, and other sources to identify threats, vulnerabilities, work process issues, and identify opportunities to improve security controls. Comprehensive analysis of this data is critical to supporting effective response to suspected or actual security threats, identifying trends, evaluating security control effectiveness, protecting company IT resources, and ensuring that Protected and Confidential Information is not exposed to unauthorized parties.

Responsibilities

• Promptly respond to and investigate security alerts and incidents; handle containment and recovery using documented procedures.
• Ensure an in-depth analysis is performed and all relevant details are documented in the respective alert/incident, incident report, and/or policy violation.
• Escalate any confirmed security incidents you are unable to contain using documented procedures to an Information Security Engineer.
• Collect evidence from InfoSec, IT Shared Services, and other respective teams and document the relevant details of incident response activities.
• Investigate security alerts and suspicious emails reported to determine if they are malicious.
• Continually resolve and/or analyze data collected by security tools and other metrics.
• Analyze, research, and organize results of vulnerability scans and penetration tests.
• Perform analysis to determine the effectiveness of current security controls to identify gaps and make recommendations for improvement.
• Coordinate InfoSec projects; research, schedule meetings, create meeting notes, track tasks, create documentation.
• Respond to incoming requests from internal customers.
• Collaborate with Shared Services IT, application and database teams, and end users.
• Coordinate sending and receiving of Third Party Security Risk Assessment questionnaires.
• Assist with data collection, analysis, and presentation preparation of Information Security related metrics.
• Assist in developing security awareness training content, configuring simulated phishing exercises, verifying test results, compiling reports.
• Research and stay current with emerging technology, best practice, and industry security standards.
• Assist in compiling internal and external audit evidence, as requested.

Requirements

• Bachelor's Degree; Computer science, engineering, or technology related discipline preferred.
• 4-7 years Hands on experience in a relevant field preferred.
• GSEC, GISF, Security + Preferred.

Benefits

• Medical and Prescription Drug Benefit
• Dental Benefit
• Vision Benefit
• Life Insurance and Disability Benefits
• 401(k) Profit Sharing and Investment Plan
• Health Savings Account (HSA)
• Flexible Spending Accounts
• Tuition Assistance, Training, and Professional Designations
• Company-Paid Family Leave
• Adoption/Surrogacy Assistance Benefit
• Voluntary Benefits - Group Accident Insurance, Hospital Indemnity, Critical Illness, Legal, ID Theft Protection, Pet Insurance
• Student Loan Refinancing Services
• Care.com Membership with Back-up Care, Senior Solutions
• Business Travel Accident Insurance
• Matching Gifts program
• Paid Volunteer Day
• Employee Referral Award Program
• Wellness programs