IT Security Analyst

Role: IT Security Analyst

Duration: Full Time 

Location: Parsippany NJ 

Position Summary: 

The core responsibility of the IT Security Analyst is operating and maintaining all operational security solutions. That includes vendor updates and upgrades, health and performance monitoring, configuration management and identification, investigation and resolution of security breaches detected by those systems. 

Additional responsibilities include involvement in the implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines and procedures as well as conducting vulnerability audits and assessments. The IT Security Analyst is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Include the following:

Operational Management

• Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.).

• Maintain operational configurations of all in-place security solutions as per the established baselines.

• Monitor all in-place security solutions for efficient and appropriate operations.

• Analyzing and evaluating data from multiple sources to gain awareness of potentially suspicious and anomalous activity. 

• Following detailed operational processes and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents.

• Review logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution.

• Participate in investigations into problematic activity.

• Participate in the design and execution of vulnerability assessments, penetration tests and security audits.

Acquisition & Deployment

• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.

• Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.

• Perform the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.

• 

Strategy & Planning

• Participate in the planning and design of enterprise security architecture 

• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures)

• Participate in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan

EDUCATION/EXPERIENCE/PERSONAL REQUIREMENTS

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The core competencies listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Formal Education & Certification

• Bachelor's degree in Information Technology. An equivalent combination of education and work experience may be taken into consideration in lieu of a degree. 

• 3-5 years of technical experience in the security aspects of multiple computer platforms, operating systems, products, network protocols and system architecture. 

• At least one or more of the following certifications:

• GCIA

• GPEN

• GCIH

• CEH

• CISSP 

Knowledge & Experience

• Strong knowledge of information security, client/server architectures, and networking

• Strong knowledge of current and evolving cyber threat landscape

• Significant theoretical and practical knowledge in the following areas:

Unix, Linux, Windows, etc. operating systems, well-known networking protocols and services (FTP, HTTP, SSH, SMB, LDAP, etc.), exploits, vulnerabilities, network attacks

• Proficiency, and experience, using information security tools and related methodologies. 

• Experience investigating security incidents. 

• Knowledge of specialized telecommunication techniques such Virtual Private Networks, encryption methodology and their associated technologies. 

• Knowledge of industry standards including SSAE 16, ISO 27001, etc.