An Information Security Analyst III will be responsible for identifying, assessing, and mitigating vulnerabilities in an organization’s systems and applications as part of our Vulnerability Management team. The identified candidate will work closely with other members of IT and various business units, providing expertise to help identify and prioritize defects in IT solutions and timely assessments in support of business projects and audits.
Secondary tasks may include involvement in the implementation of new security solutions, participation in the creation and/or maintenance of policies, standards, baselines, guidelines, and procedures, as well as maintaining operational baselines for related security tooling.
The Information Security Analyst III will bridge the gap between IT, Information Security, and the business with respect to analyzing the security of the organization. They will engage with business leaders and users to understand the security impacts to the organization of changes to process, products, and services. This role requires extensive coordination and communication skills.
Responsibilities:
- Participate in the design and execution of vulnerability assessments, security audits, and penetration tests executed by external third parties.
- Analyze and prioritize vulnerabilities based on their severity and potential impact.
- Perform advanced analysis of vulnerabilities to communicate exposure risk and to identify and recommend mitigation actions.
- Develop and implement vulnerability remediation plans.
- Perform in a leadership role for internal vulnerability assessment projects and audits.
- Collaborate with other security teams to ensure that vulnerabilities are addressed in a timely and effective manner.
- Monitor in-place security solutions for efficient and appropriate operations.
- Research and assess emerging threats and vulnerabilities.
- Prepare and deliver routine assessment reports, and develop customized reports based on need and target audience.
- Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.
- Maintain up-to-date, detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
- Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
Requirements:
- Bachelor's degree in IT, related technical discipline, or equivalent preferred.
- Minimum of 5 years of IT work experience and a minimum of 5 years of relevant technical experience.
- Certifications related to specific technical areas of competency preferred (for example, GPEN, OSCP, CISSP, GSEC, etc.).
- Knowledge base acquired from experience in various relevant areas.
- Fully proficient in applying established standards in focus and adjacent technical areas.
- Ability to define highly complex and specialized projects, perform analysis, and make sound decisions.
- Capable of managing varied assignments and working independently, as well as instructing and coaching other professionals.
- Strong communication skills with all levels of the business (from user to executive levels) and the ability to leverage knowledge of the appropriate approach and degree of detail for each.
- Strong practical, fundamental knowledge of IT and Information Security principles and techniques, business unit products and services, industry standards, and government regulations.
- Requires use of advanced techniques, procedures, and criteria for carrying out a sequence of discipline tasks.
Benefits: