Information Security Analyst Description/Job Summary
The Information Security Analyst is responsible for monitoring the IT security infrastructure within the Firm’s network, articulating technical security requirements, monitoring the effectiveness of the existing IT security controls framework, making recommendations for enhancements, and raising the level of security awareness. The incumbent will be a part of the security team that safeguards the infrastructure and information across the Firm worldwide.
Responsibilities/Duties
- Monitor the Firm’s Security Information and Event Management (SIEM) and other alerting systems to identify security issues for remediation.
- Analyze and detect phishing / malicious emails and email attachments utilizing the Firm’s tools.
- Detect the potential impact of incidents or alerts and whether escalation and reporting are required.
- Analyze potential threats from a multitude of log sources and decide whether events are false positives or potential security threats.
- Actively monitor and respond to critical systems alarms.
- Review security and threat intelligence bulletins from open and other intel sources.
- Triage employee-reported issues and respond to them via the ticketing system.
- Investigate, document, and report on any information security issues as well as emerging trends.
- Report concerns of residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance, to management.
- Participate in the computer security incident response team efforts and other security investigation activities as assigned.
- Participate in security incident response efforts to include remediation with an appropriate sense of urgency and criticality.
- Work with the IT team to produce monthly operational metrics.
- Drive continuous improvement through trend analysis reporting and metrics management.
- Provide technical assistance to IT staff in the detection and resolution of security problems.
- Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
- Communicate and report issues, status, and results to senior management.
- Perform other duties as assigned.
Required Experience
- 4+ years of experience in information security-related responsibilities
- Understanding of operating systems such as Windows
- Understanding of networking, network components and security tools (i.e., malware prevention, vulnerability scanners and networks)
- Knowledgeable in DLP, SIEM, AV, APT and Vulnerability Analysis principles
- Ability to effectively prioritize and execute tasks
- Ability to effectively present information verbally and in writing
- Must be able to work collaboratively in a team environment and independently
- Ability to handle sensitive and/or confidential material and information with suitable discretion
- Excellent interpersonal skills and a professional demeanor; ability to work effectively with all levels of Firm personnel and vendors
Required Education
- Bachelor’s degree required
- Understanding of the latest security tools (i.e., malware prevention, vulnerability scanners and networks)
- Professional certifications, such as CISSP, CISA, or CISM