The Information Security Analyst is part of a team that is responsible for prevention of Cyber Security Incidents utilizing monitoring, detection and analysis of potential intrusions in a multi-platform environment, including using troubleshooting tools to review and respond to cyber threats, handling or escalating security threats as needed. The position interacts with IT peers to collect information and share through service level reporting. The position also maintains system documentation and monitors security vulnerabilities according to department procedures, escalating issues when needed to team members or management.
Duties and Responsibilities
Performs hands-on security integration, development, testing, and implementation.
Daily review of Security Alerts, Security Dashboards, SEIM/SOAR systems.
Assists with company security assessments.
Evaluates new and existing security tools, platforms and technologies.
Performs in all activities of Certification and Accreditation (C&A) / Assessment and Authorization (A&A) efforts for information systems, networks, and site accreditations.
Support the implementation of ISO27001 Cybersecurity Framework (CSF) and HiTrust CSF, security test plans/procedures for complete Information Systems.
Support security analysis of system risks and vulnerabilities.
Participates in the hands-on scanning and patching of Windows/Linux/MacOs systems using vulnerability scanning tools, as well as patch management tools.
Performs monthly, quarterly, yearly Security Pen-testing, Security Scans, Red Team/Blue Team engagements.
Provides computer and network security analysis during systems development through product delivery including code review, vulnerability scanning and remediation.
Works with business units for delivery of security documentation.
Acts as a member of the Company Cyber Incident Response team.
Assist in the Security architecture, design, configuration, evaluation and implementation of AWS/GCP public cloud including connectivity, network,containerization and monitoring.
Develops scripts/programs to automate system compliance lockdown processes.
Assist with Integrations into new and existing SaaS systems.
Assist during all BCP/DR (Business Continuity / Disaster Recovery) activities (test or otherwise)
Collaborate with the Information Security Manager to ensure the company Network and Infrastructure systems conform to company Security policies and procedures.
Required Education and Experience
AA or AS degree in computer science, information systems or a related field.
Background in Information Security, Systems Administration and Information Technology
Public Cloud Infrastructure Expertise (GCP, AWS or Azure)
Full-stack knowledge of IT infrastructure, from applications & databases to hypervisors and networking.
Linux/Windows/MacOS System Administration
Excellent technical writing skills.
Knowledge/Experience with vulnerability scanners and penetration testing tools.
OSINT and Social Engineering skills.
Solid understanding of computer networking.
Basic understanding of software development / build processes.
Experience in Network/System Administration.
Experience in Physical Security practices.
Familiarity of CBK for Info Sec from ISC2.org, ISACA and CompTIA.
A thirst for knowledge and self improvement.
SSCP or CompTIA Security+ certified professionals preferred.
Minimum 2-4 years experience in Cybersecurity technology or a related technology field.
Physical Demands
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Regularly required to talk or hear.
Regularly required to use a keyboard and computer.
Frequently required to stand, walk, sit, use hands, handle documents, and reach with hands and arms.
Core Competencies
Active Communications (Verbal, Written, Listening Skills)
Adaptability
Attention to Detail
Composure
Conflict Management
Customer Orientation
Productivity
Professionalism
Responsiveness
Team Player
Position Type/Expected Hours of Work
This is a full-time remote position with days Monday through Friday. Occasional evening and weekend work may be required, as needed.
Travel
Occasional travel may be required for this position.
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
ScribeAmerica provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity and/or expression, national origin, age, disability, genetics, protected veteran status, or any other legally protected group status. In addition to federal law requirements, ScribeAmerica complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
ScribeAmerica expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, gender identity and/or expression, national origin, age, disability, genetics, protected veteran status, or any other legally protected group status. Improper interference with the ability of ScribeAmerica’s employees to perform their job duties may result in discipline up to and including discharge.
