The Security Analyst role is to support and promote the client's Security Program. The Security Analyst assists in the enforcement of corporate, regulatory, and risk management policies and assists in developing, maintaining, and publishing corporate information security standards, procedures and guidelines for the enterprise.
Roles and Responsibilities:
- Provides subject matter expertise to departments on issues of Information Security.
- Performs technical lead functions for security projects, applications and systems.
- Investigates security incidents and reports findings to management.
- Assists in implementing upgrades to information security devices or software.
- Ensure that policies are being followed for the Active Directory groups and report any problems to management.
- Ensure that reporting for Sarbanes-Oxley is performed in a timely manner and controls established are maintained.
- Assist in directing security activities that relate to specific laws and regulations or corporate policy.
- Maintain a good understanding of all system environments and how information is passed/shared between systems.
- Assist in the development and delivery of awareness programs that set the stage for training by changing organizational attitudes to realize the importance of security and the adverse consequences of its failure.
- Partner with other members of the technology team to ensure that technical controls are in place to protect networks, telephony, server, database, data and application environments including but not limited to: user identification and authentication, authorization/access controls, integrity/validation controls, audit trail mechanisms, confidentiality controls, incident response, etc.
- Ensure that adequate controls are considered, evaluated, selected, designed and integrated into systems and that ongoing processes are established to maintain acceptable levels of risk.
- Responsible for tracking key metrics and producing reports that assist management with making sound security and business decisions, including Quality Assurance activities.
- Partner with Business Units to develop secure environments that are connected with corporate architecture and ensure compliance with security procedures.
- Work with the Project Management Office to identify security risk and ensure that the successful delivery of tested applications to the production environment is realized.
- Strong written and oral communication skills.
- Strong organizational skills.
- Strong analytical skills.
- Strong customer service skills.
- Self-motivated and self-directed.
- Experience working in a team-oriented, collaborative environment.
- Ability to communicate technical information in a business-friendly manner.
- Familiar with Project Management methodology and SDLC.
- General understanding of IT architecture including hardware, software, database, network, and telecommunications.
- Knowledge of applicable data privacy practices and laws.
- High aptitude for learning new tools and skills quickly.
- Good technical documentation skills.
Additional Key Requirements:
- College degree in Computer Science, Information Technology, or related work experience.
- 2 - 5 years of relevant general Information Technology experience required or experience in the Insurance Industry.
- Certification in SCCP preferred.
- In-depth understanding of and experience with LAN, WAN, VPN and Firewall network devices.
- Risk Assessment
- Risk Management
- PCI Compliance
- Vulnerability Assessment
- Penetration Testing
- In-depth understanding of Cisco ASA Rules
- In-depth understanding of and experience with Intrusion Detection Systems, Web Application Firewalls and Proxy Appliances
- In-depth understanding of and experience with Incident Handling and Response
- In-depth understanding of risk assessments, vulnerability management and penetration testing
- Ability to manage and direct enterprise-wide Information Security awareness program
- In-depth understanding of and experience using ITIL Service management techniques
- Experience providing information security guidance and consulting to both non-technical and technical teams that may not be conversant in InfoSec practices
- In-depth understanding of and experience with the following software: Symantec CCSVM, Tenable Security Nessus, RelSec RSAM, BurpSuite, Samurai WTF, eEye SecureIIS
The Merge Computer Group Inc. (Merge) is an Information Technology staffing services firm that serves public sector and commercial clients...