JOB SUMMARY
The Information Security Analyst II will play a crucial role in safeguarding the company's assets and ensuring the confidentiality, integrity, and availability of our information systems and data. The Information Security Analyst II will be responsible for monitoring, analyzing, and responding to security threats and vulnerabilities, while actively contributing to the enhancement of our cybersecurity posture. In addition, the Information Security Analyst II will proactively monitor the ever-evolving threat landscape to ensure the company maintains relevant security controls to mitigate any potential risks.
ESSENTIAL FUNCTIONS
Security Governance - Establish and maintain self-audits, policies and procedures to provide assurance that information security strategies are aligned with applicable laws and regulations through adherence to internal controls.
- Understand the security landscape and contribute to the development and review of security policies and procedures to address new regulations, threats or best practices
- Stay abreast of Audit requirements and assist with the management of self-audits and Internal/External audits.
- Contribute to the development of end user security training and awareness program
Threat Management - Ability to understand security threats and their risk to the organization.
- Assist with periodic security assessments, vulnerability and pen tests.
- Assist with the tracking of any remediation required due to security assessments / tests.
- Review security tool logs to look for any potential security issues or breaches.
Security Roadmap – Ability to guide the organization in the development of the Security Program Roadmap.
- Contribute to the development of the Security Program Roadmap.
Security Engineering - Architects and implements security technologies.
- Assist with identifying potential security technologies and researching their capabilities.
Contribute to the design and implementation of security solutions.
SUPPLEMENTAL DUTIES & RESPONSIBILITIES
- Pursues training and development opportunities; strives to continuously build knowledge and skills
- Assist personnel in other technology departments to resolve technical and/or application issues
- Participate and assist in the coordination of both internal and external audits
- Participate in On-Call rotation
CORE COMPETENCIES
Problem Solving - Ability to problem solve through problem identification (what is the problem), solution assessment (what can be done), problem documentation (document for future) and problem response (implementing a solution).
Able to:
- Frame problems before trying to solve them
- Seek advice from those who have solved similar problems
- Follow up to ensure that the problem has been resolved
- Document and disseminate identification and resolution of problems to avoid future redundant work efforts
- Break down problems and identify all of their components
- Provide insight into the root-causes of problems
- Anticipate problems and is proactive in addressing them
Decision making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals.
Able to:
- Gather data and others' input when making decisions
- Consider lessons learned from experience, differing needs, and the impact of the decision on others
- Escalate decisions when appropriate
- Balance analysis, insight, experience, and perspective when making decisions
- Find solutions that are acceptable to diverse groups with conflicting interests and needs
- Provide service to internal and external customers to satisfy their needs and expectations
- Listen to concerns and resolve reported issues effectively and promptly
- Ensure and comply to customer response timeline (SLAs) based on the severity of reported issues including documenting concise and accurate status information in the Service Now ticketing system
- Commit to continuous improvement
- Anticipate customer’s needs and move to effectively address issues
- Establish relationship with customers providing education as appropriate
- Deliver high quality solutions
- Establish rapport with co-workers easily
- Work with others to achieve goals
- Listen and respond constructively to other team members' ideas
- Encourage and facilitate cooperation, pride, trust and group identity
- Foster commitment and team spirit
- Offer support for others' ideas and proposals
- Be open with other team members about his/her concerns
- Share his/her expertise with others
- Facilitate between own functional area and areas below or above in the work stream as needed
- Set well-defined and realistic goals
- Comply with established policies and procedures
- Accept responsibility for mistakes
- Take ownership of successful outcome of work assignments/projects through collaborative efforts with team
- Minimize re-work
- Seek out learning opportunities
- Identify training needs and take action to obtain knowledge
- Persistently push self and others for results
- Collaborate between own functional area and areas below or above in the work stream needed
- Help others
- Persistently pushes self and others for results
- Provide consistency between projects
- Understands Reliance business and how technologies can support business processes.
- Clearly express information taking into account audience and nature of the information (for example, non-technical, sensitive, and controversial)
- Ask questions and summarize what was heard to prevent miscommunication
- Present information in a concise and focused manner
- Listen to others
- Communicate written information (for example, facts, ideas, or messages) in a succinct and organized manner
- Produce written information, which may include technical material that is appropriate for the intended audience
- Act in a proactive and achievement-oriented manner
- Treat co-workers in a fair and equitable manner
- Behave in a tactful, compassionate, and sensitive manner
- Empower others by sharing information
- Actively listen and clarify information as needed
- Foster an atmosphere of open communication
Required Skills
- Bachelor’s Degree or equivalent work experience in a related field required
- 3+ years’ experience in an Information Security role to include experience in assessing and recommending internal application and infrastructure controls required
- Professional security management certification, such as a CompTIA Security+ is highly desirable
- Must be self-motivated and able to work independently, with minimal supervision and as part of a team
- Knowledge and hands-on experience with a Security Incident and Event Monitoring (SIEM) tool, performing log analysis, correlation, and incident response, required
- Experience in the monitoring and the development of new rules to address detection gaps, required
- Experience in utilizing vulnerability management tools to identify, assess, and collaborate with other teams to remediate security risks highly desired
- Experience in utilizing, managing, and optimizing a centrally managed EDR/XDR solution, highly desired
- Knowledge and experience with common information security management frameworks and best practices, specifically the National Institute of Standards and Technology (NIST) frameworks and Center for Internet Security (CIS) Critical Security Controls desired
- Knowledge and experience with security infrastructures and networking concepts (e.g. Basic routing, NT, Firewalls, IDS/IPS, VPN, Secure Email Gateways, Web Content Filters, Proxies, DLP) preferred.
- General understanding of technical infrastructure (Virtualization, Active Directory, Applications, various Operating Systems, etc)
- Understanding of authentication concepts, SSO, encryption, ciphers, certificates and various MFA technologies
- Detail oriented with excellent interpersonal communication skills
- Expected to partner, collaborate, and mentor effectively with other teams on an ongoing basis
- Strong analytical skills and the ability to present information in an easily consumable format
- Strong organizational skills and ability to multi-task in an enterprise business environment.
- Ability to manage and track completion of projects and remediation tasks
- Proficient technical documentation skills
- Strong written, verbal, and presentation communication skills and ability to communicate at all levels within an organization
ANNUAL PAY: $115,000 - 144,000