Our client is looking for a Security Analyst responsible for the execution of the Information Security program, including participating in its design, actively identifying vulnerabilities and monitoring mitigation, leading incident response, performing security reviews, and educating the user community on information security matters.
Essential Duties and Responsibilities
- Participate in the development and oversight of information and operational technology security programs and risk management strategies.
- Document and update elements of the Information and Operational Technology Security Governance portfolio, including policies, controls, processes, procedures, and standards to support its objectives.
- Implement the Security Governance portfolio, including guidance, identification, evaluation, design, development, implementation and integration of security controls and processes, including security incident response plans and processes.
- Assist in evaluating the performance of the Security Governance portfolio, including participating in security audits, risk, threat, and vulnerability assessments, controls analysis, and process reviews. Includes planning, executing, reporting, making and documenting recommendations to mitigate risks and enhance network, system, and data security.
- Work closely with Information Technology staff and service providers to assure new applications, systems, and functionalities meet the Company’s security requirements. For new and changing systems, conduct Security Architecture and Compliance Reviews.
- Conduct accurate, precise, real-time analysis and correlation of logs/alerts from multiple systems and devices, to identify events rising to the level of security incidents, and coordinate and provide incident response.
- Participate in the design and assessment of disaster recovery plans.
- Collect, analyze, and report information and operational technology security metrics.
- Provide specific assistance and subject matter expertise in security projects and initiatives.
- Remain knowledgeable on new information security technology, regulations, standards, threats, and vulnerabilities.
- Participate in the development, implementation, and maintenance of the Information Technology Security Awareness program and demonstrate the ability to influence, motivate, persuade, mentor, and train various groups and individuals.
Other Duties and Responsibilities
- Responsibilities during off-hours related to monitoring and responding to alerts, outages, and certain security-related helpdesk incidents, as needed.
- Assist with technical projects as requested.
- Perform other duties as assigned.
Qualifications:
Required Education, Experience, Licensure
- Associates Degree in Computer Science or a related field of study; or Two (2) years of experience in Information Security.
Preferred Education, Experience, Licensure
- Bachelor’s Degree in Computer Science or a related field of study; or Four (4) years of experience in Information Security.
- One (1) or more Information Security Certifications: i.e., (ISC)2 CISSP, ISACA CISA, SANS GIAC, Computer Forensic External Certification-CFEC, CERT-Certified Computer Security Incident Handler, etc.
- At least one (1) year experience in Oil & Gas Industry.
Required Core Competencies – Knowledge, Skills, and Abilities
- Ability to communicate clearly with all levels of the user community, as well as Information Technology groups, in verbal and written form.
- Strong working knowledge of malware, advance persistent threats, intrusion prevention and detection systems, encryption, firewalls, access and authentication methods and technologies, and next generation security methods and technologies.
- Strong working knowledge of Microsoft Windows server, workstation, and database security, as well as the impact of virtualization and wireless systems on security.
- Working knowledge of security tools, including, but not limited to NMAP, Nessus, TCPDump, Wireshark, Netcat, and Metasploit.
- Complex understanding of computer equipment and peripherals.
- Ability to communicate clearly with all levels of the user community, as well as Information Technology groups, in verbal and written form.
- Ability to conduct effective training sessions.
- Pragmatism: Approach solutions to problems in a sensible, realistic and practical manner.
- Judgment: Demonstrate consistent, logical and rational approach to issues.
- Intelligence: Demonstrate the ability to acquire understanding and absorb new information rapidly.
- Analytical Skills: Identify significant problems and opportunities, analyze problems in depth, and relate and compare data from different sources.
- Decision Making: Make decisions in a decisive but contemplative manner and anticipate the consequences.
- Independence: Understand the importance of being committed to a team, and exhibit a willingness to take a stand on key issues.
- Assertiveness: Take a forceful stand on issues without being abrasive.
- Stress Management: Remain poised under heavy pressure.
- Discipline: Behavior in accordance with rules of conduct and a good work ethic is applied daily in routine task management.
- Integrity: Does what is right and is trustworthy.
- Conflict Management: Understand the natural sources of conflict and act to prevent or resolve them.
- Resourcefulness: Go above and beyond the normal requirements to overcome difficulties.
- Adaptability: Adjust to quickly changing priorities.
Supervisory Responsibilities
- Functions as an individual contributor with no supervisory responsibilities.
Work Environment
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.
- Job is performed in an office setting with exposure to computer screens and requires regular use of a computer, keyboard, mouse, and communication systems.
Physical Demands
- Occasional field location visits may present more strenuous exertion than office work, like walking around a field location and interacting with the user community located there.
Travel Requirements
- Minimal travel may be required to other locations.