Security Analyst II

    • Costa Mesa, CA

Security Analyst II

Location: Chesterfield, MO

Salary: $65-75K

IMPORTANT:

- This position requires Federal Security Clearence - the Dept of Education will not process clearance for non-US Citizen. This means the client can only hire US Citizens

- Company culture is conservative. For males, hair below a shirt collar is not accepted here. No earrings for males. Business attire is required - slacks or khakis and a collared shirt every day

General Statement of Duties:

Leads or assists in administration, maintenance, development and/or implementation of policies and procedures for ensuring the security and integrity of all Information Systems and business functions. Performs regular operational security functions and plays key role in supporting security audit and ongoing compliance-related activities.

Essential Duties and Responsibilities:

  • Network Analysis & Vulnerability Management - Assists in maintaining network security policy, standards, processes, and procedures. Provide ongoing management of Information Security procedures, specifications, and diagrams for improving strategies and continued organizational enhancement. Performs regular vulnerability assessments, providing specific guidance to infrastructure personnel on exposures and remediation requirements.
  • Security Tools Administration - Maintain existing security tools, including, but not limited to Firewalls, Security Information and Event Management (SIEM), vulnerability scanning tools, e-mail gateways/spam filters, File Integrity Monitors (FIM), Identity and Access Management, and anti-virus/malware. Evaluate new products and strategies, and make recommendations for improvements where possible.
  • Security Audits - Provide coordination for performing security audits and creation of documentation and remediation plans. Document and report on existing controls to support internal and external audit activities.
  • System Logs - Perform system log monitoring and reporting. Monitor system logs and alerts and provide first level response in determining the severity of alerts and escalating them to management. Manage Splunk implementation for collection and alerting.
  • Risk Management - Facilitate risk assessments of functional areas to identify areas of risk and vulnerabilities, and to recommend alternative strategies.
  • Incident Response - Work as part of an Incident Response Team to respond to, assess, and remediate security incidents as needed.
  • Project Management - When assigned, serve as technical lead for small technical security projects. This includes communicating across technical organizations and creating discrete design, testing, and deployment plans.
  • Training - Develops security awareness by providing orientation, training, and on-going communication. Create documentation and provide training to different teams to enhance awareness of vulnerabilities and other security related issues in an effort to reducing those risks.
  • Documentation Maintenance - Provide ongoing support for maintaining security-related policy, plan, and procedure documentation.

  • Qualifications

    Education/Experience:

    - Bachelor's degree in Computer Science, Information Security, or related field from a four year college or university required.

    - 5+ years of combined IT and application, operating system, or database security work experience with a broad range of exposure to systems analysis, configuration, diagnostics and administration of computer systems.

    - 3+ years of security related experience with various security tools or configuring security related hardware.

    - Knowledge and understanding of regulatory compliance standards, particularly Federal Information Security Management Act (FISMA), including the NIST 800 series and Federal Information Processing Standards (FIPS) is highly desired.

    Reasoning Ability: Working knowledge of documentation provided by technology vendors and commercial software products. Experience applying, supporting or creation of controls associated with Sarbanes-Oxley, SSAE-16 or Federal Security standards. Familiarity and experience with interpreting state or federal requirements/regulations and providing specific guidance for integration into operational environment. Working knowledge of IT functions, specifically understanding system production structure/controls, change management and software development processes. Capable of identifying management, IT system, and operational issues and trends and developing solutions including creating materials, documentation, systems, processes/procedures, and policies.

    Technical Skills: Familiarity and knowledge of current technology used within midsized enterprises, including infrastructure, commercial products, and intranet/Internet and SQL databases. Basic to mid-level systems administration or developmental capabilities in Windows and/or Linux environments.

    Certificates and Licenses: CISSP or other relevant security certifications (CISA, GSEC, Security+) is required.

    Addison Group provides clients with exceptional human capital solutions.

    Addison Group Company Image


    Back to top