Senior Information Security Analyst

Company Name:
Technology Services, LLC
Position Type:
This is a hands-on position, requiring a mix of security administration, engineering and infrastructure experience. Temp-to-perm position; available immediately.

The Senior Information Security Analyst provides business and technical advice on a wide variety of information security issues, concerns, and problems. This position ensures that all business applications developed in-house or developed by third parties include adequate control measures. Working on project teams, an Information Security Analyst is an in-house subject matter expert who diligently assists with the improvement of security on information systems. This position is a visible internal spokesperson of the Information Protection department and is charged with gaining widespread support of and compliance with information security requirements. Involvement in investigations, troubleshooting of security related issues, security reporting and identifying weaknesses will also be required of this role.
This is a hands-on position, requiring a mix of security administration, engineering and infrastructure experience.
Job Duties and Responsibilities:
- Guide developers, third parties, and other internal staff in their efforts to establish and maintain our standards for security controls throughout our SDLC processes
- Ensure security control parameters and appropriate audit trails are integrated into all projects so that sufficient evidence of computerized business activities exists to reconcile accounts, detect fraudulent activity, resolve problems, and maintain secure and reliable information systems
- Develop scripts for tracking security statistics and gathering information for compliance purposes
- Provide in-depth technical advice for investigations of information security incidents including internal fraud, hacker break-ins, and system outages
- Assist with the documentation of information security incidents as well as the analysis of the circumstances enabling or permitting these same incidents to take place, to ensure mitigating controls are in place to prevent future such incidents
- Participate on a computer emergency response team that responds to various security incidents such as denial of service attacks, site/power outages, virus outbreaks, and internal fraud, etc...
- Analyzes selected commercially-available information security products and services for possible adoption or testing
- Provides users and management with technical support on matters related to information security such as the criteria to use when selecting information security products and answers a wide variety of questions about information security
- Acts as a technical information security reviewer of requirements statements, feasibility analyses, operating procedure manuals, and other documents produced during Projects
- Review and approve proposals to significantly enhance or modify the configuration or functionality of Intranets, Firewalls, VPN's, Servers, Applications, Databases, and other critical components of the Information Systems Infrastructure
- Provide special technical guidance to the IT department staff about the risks and control measures associated with new and emerging information systems technologies
- Participate as a technical advisor for a variety of ad-hoc information security projects that will be dictated by current business and technological developments
- May prepare and periodically update draft information security policies, architectures, standards, and other technical requirement documents needed to advance information security
- Participate in, and acts as a technical leader in, periodic information systems risk assessments including those associated with the development of new or significantly enhanced business applications as well as third parties
- Interprets information security policies, standards, and other requirements in light of specific internal information systems, and assists with the implementation of these and other information security requirements
- Assists with the selection, installation, and adoption of automated tools that enforce or monitor the compliance with information security policies, standards, procedures, and similar information security requirements
- Stay informed about the latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional associations, industry conferences, training seminars, and other information sources
- Acts, when needed, as an expert witness in information security-related legal proceedings involving TRG
- Cross-train with other Information Protection team members for when coverage is required, mentoring within the team and outside the team, encouraging all team players to think about Security

- Bachelor's degree and CISSP required. (Other information security certifications, such as, EnCE or GIAC a plus). Must have 4-6 years of in-depth hands-on Information Security experience.
- Must be very knowledgeable in many areas such as Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy enforcement, Application Security, Protocol Analysis, Firewall Rulesets, Incident Response, DLP, Encryption, Two-Factor Authentication, Web-filtering, Advanced Threat Protection
- Ability to work within a team setting as well as manage individual projects
- Participated in Audits and Regulation Compliance Assessments
- In-depth knowledge of Windows environments
- Previously developed detailed technical documentation, including project proposals, comparison reports, system assessments and architecture diagrams
- A thorough understanding of SDLC, with an emphasis on secure coding methods in a Windows environment
- Experience with Windows based scripting tools for extracting network and system information, as well as parsing tools for filtering and searching collected data

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.