SSUSA Job #667: Senior Information Security Analyst

Job Description

 

                                          Senior Information Security Analyst

 

Description: 

 

The Senior Information Security Analyst position’s primary responsibility is providing expertise on key information security related activities. This person will be responsible for the implementation, configuration and administering of firewalls, intrusion prevention and intrusion detection, vulnerability management, penetration testing, security forensics, antivirus, log management, and incident response.  The Senior Information Security Analyst will assist in the development of security requirements, security design, development and review of security processes and standards and evaluate application and system architectures.

 

Essential Job Duties and Responsibilities

 

Strategy & Planning

 

  • Participate in the planning and design of enterprise security architecture

  • Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures)

  • Participate in the planning and design of an enterprise Business Continuity Plan and IT Disaster Recovery Plan

  • Risk assessments

  • Business Impact Analysis

 

Acquisition & Deployment

 

  • Perform (in partnership with other technology teams as required and appropriate) the evaluation, deployment, integration and initial configuration of new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically

  • Perform (in partnership with other technology teams as required and appropriate) the evaluation, deployment, integration and initial configuration of new Business Continuity and IT Disaster Recovery solutions and of any enhancements to existing BC/DR solutions in accordance with standard best operating procedures generically and the enterprise’s BC/DR documents specifically

 

Operational

 

  • Maintain and audit up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.).

  • Maintain security standards and configurations of all solutions that are partially or wholly operated by the Information Security team.

  • Maintain operational configurations of all in-place security solutions as per the established baselines, for those security systems solutions that are partially or wholly operated by the Information Security team

  • Design, configure, and support security technologies such as fire walls, intrusion detection systems (IDS), intrusion protection systems (IPS), network access controls (NAC), encryption, antimalware,  and a wide variety of other security products/appliances

  • Monitor all security solutions for efficient and appropriate operations.

  • Review logs and reports of all devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution

  • Work with both internal and external resources to conduct security audits, address gaps, and ensure compliance with regulatory and industry requirements

  • Utilize best practices applicable to the handling and analysis of electronic evidence of eDiscovery matters

  • Provide in-depth support for information security incidents including internal violations, attacks, virus, and system outages

  • Provide computer forensics, electronic discovery, and investigation in support of corporate legal, compliance, and HR requests.

  • Conduct vulnerability assessments and penetration testing

  • Communicate and provide regular security related updates to management

  • Monitor VPNs, server logs, firewall logs, intrusion detection/prevention logs, network traffic and other security systems for unusual or suspicious activity. Report such activity to appropriate individuals within the team

  • Participate in emergency response team activities for responding to various security incidents

  • Provide on-call support for end users for all in-place security solutions that are partially or wholly operated by the InfoSec team

  • Provide expert consultation, guidance, and assistance to other departments on the design, implementation, and operation of appropriate technical, physical, and administrative controls to ensure the security of the company's sensitive information

  • Provide technical expertise on security projects which involve a wide range of issues including secure architectures, secure electronic data transfer, network security, platform security, application security, and general data security and privacy

  • Research, analyze, and propose new security technologies, hardware, and software

    Provide on-call support for end users for all in-place security solutions that are partially or wholly operated by the InfoSec team

  • Train end users and promote security awareness to ensure improved system security

 

Skills/Qualifications:

 

Education & Experience:

 

  • Bachelor’s Degree in Computer Information Systems, Computer Science, MIS, Engineering or related technical discipline.

  • 7-10 Years Information Technology experience

    • A minimum of five (5) years of experience in system administration (e.g. server, network)

    • A minimum of five (5) years of formal experience in information security

  • Must have excellent communication skills, with demonstrated ability to successfully handle conflict and be able to maintain calm in stressful situations

  • Strong teaming, relationship management and change management skills

  • Strong organizational and time management abilities

  • Strong analytical and problem-solving skills

  • Strong customer service skills

  • Strong in-depth knowledge of network and security design and architecture

  • Strong foundation in and in-depth technical knowledge of security engineering, computer and network security, authentication and security protocols

  • Knowledge of scripting techniques (Perl, Shell, etc.) and/or programming languages (J2EE, C, SQL, HTML)

  • Strong working knowledge of server, application, and network device security methods and techniques

  • Strong working knowledge of security vulnerability assessment tools and techniques

  • Solid understanding both technically and functionally of Active Directory, DNS, DHCP Group Policy, Security (including SID, GUID, permissions & NTFS)

  • Knowledge in Windows Server Update Services (WSUS - server patch management)

  • Expert knowledge with the use of security vulnerability assessment tools and techniques

  • Expert knowledge with the use of Malware Remediation Tools

  • Expert knowledge with the use of recovery and forensic tools

  • Strong working knowledge of network infrastructures including firewalls, VPN's, Intrusion Detection Systems, vulnerability assessment strategies, web application and device security

  • Solid understanding of security for internetworking protocols, platforms and devices such as IP, firewalls, servers, routers, and switches

  • This position requires in-depth knowledge of domain structures, user authentication and authorization, encryption and digital signatures and networking

  • Solid understanding of the security requirements for HIPAA, HITECH, ISO 27001/27002, and SOX regulations

  • On-Call 24x7 support of critical information security related functions

     

 

Certifications:

 

  • Comptia Sec+

  • GIAC Security Essentials (GSEC) (Preferred)

  • Certified Information Systems Security Professional (CISSP)

  • Cisco Certified Network Professional (CCNP) or Cisco Certified Network Professional Security (CCNP – Security) is preferred

  • Microsoft Certified Systems Engineer (MCSE) (Preferred)

  • SEND YOUR RESUME IN CONFIDENCE TO CLIFF@SSUSA.COM

 

Job Location
Clifton, NJ

Position Type
Permanent

Salary Range
TBD