Information Security Analyst
Information Security AnalystNo Agencies, Please Summary:This position is part of the DRC Information Security Team responsible for ensuring the secure operation of the DRC systems. This includes assessing the environment for its current state of security; putting in place monitoring and altering against security threats, security vulnerabilities and attacks; verifying that the environment is appropriately protected from internal and external threats; while enabling the organization to work effectively and productively. The position evaluates the risk verses the business value to mitigate and make appropriate recommendations. Essential Position Responsibilities:
- Monitor DRC’s environment for security breaches and investigate a violation when one occursOversee the integrity and protection of networks; systems; and applications through enforcing organizational security policies and standards; by implementing and monitoring vulnerability and compliance scanning.Perform periodic and on-demand system audits and vulnerability assessments; including user accounts; application access; file system and external Web integrity scans to determine compliancePrepare incident reports that document security breaches and incidentsAssist with conducting Risk Assessments on critical assetsAssist with security auditsResearch the latest information security trendsAssist with the development of security standards and best practices for the organizationAssist with conducting penetration testing, simulating attacks to identify vulnerabilities in DRC systemsRecommend security enhancementsPerform other duties related to Information Security as required in an appropriate manner suitable for DRC’s culture and business risk
- 3+ years of experience in a security administration role in an enterprise environment with the most recent experience being within the last year.Possesses a high level of personal integrity and the ability to discreetly handle sensitive, personal and classified case information.Experience deploying, configuring and supporting vulnerability scanning and penetration tools. Experience with vulnerability management tools--Tenable Security Center is strongly preferred.Experience deploying, configuring and supporting Security Information and Event Management (SIEM) solutions for real-time analysis and alerting of security incidents. Experience with LogRythm is strongly preferred.Knowledge of securing Windows, Linux (CentOS preferred) and Cisco devices in production environments.Experience performing risk management and vulnerability assessments.
- College degree or equivalent work experience.Security certification such as Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Auditor (CISA).Understanding of advanced security protocols and standardsExperience supporting and participating in third party vendor security assessments and audits, reviewing completed security assessments and audits findings as well as reviewing responses to security findings and remediation.Experience with Federal Information Security Management Act (FISMA) leveraging National Institute of Standards and Technology (NIST) security controls (NIST 800-53, rev 4).Working with Department of Defense (DoD) security requirements under NIST Risk Management Framework (NIST 800-37, rev 1) is a plus.Understanding of patch management processes and best practices.Knowledge of IT/Security industry trends, best practices and processes.Experience with compliance to Family Educational Rights and Privacy Act (FERPA) and/or Health Insurance Portability and Accountability Act (HIPAA) a plusAbility to adapt to changing work requirements and work in fast-paced environment.
- Will be required to pass a government background check upon hireReport to work promptly when scheduledAbility to work under supervision and accept feedbackFamiliarity with Microsoft Office Suite Relate effectively and work respectfully with diverse work groups Ability to consistently perform well during times of increased work load Set and meet deadlines Manage multiple job functions simultaneously Other duties as needed
- Ability to sit and/or stand for up to 8 hour periods of timeAbility to look at a computer monitor, utilize a keyboard and/or mouse for up to 8 hours per dayAbility to lift up to 20 pounds as necessary