Senior Security Systems Analyst
The Systems Security Analyst plays an integral role by implementing, maintaining and enforcing multiple data/cyber security standards, processes, and initiatives while protecting the confidentiality and integrity of Empyrean’s information assets on multiple platforms.
Are you versed in Windows and Linux?
Do you know more about certificates than just how to order them from an internet domain registrar or web hosting company?
Can you explain Cert Keys, Authorities; chains and types?
Have you performed all major operations PKI is meant to do with encryption, decryption, sign and verify?
Do you know PGP and/ or GPG in and out and have you used it extensively before?
Do you keep up with the latest threat and zero day exploit announcements?
Have you had experience with ‘Heartbleed’ or ‘Shellshock’
Have you had experience with intrusion detection systems much like
Can you write a basic IDS signature?
Have you had experience with Major Mail scanning tools?
Have you had experience writing signatures in reg-ex?
Do you have hands on experience with penetration distribution?
To fulfill this role, the Systems Security Analyst will:
- Assist with documenting a secure configuration standard for managed file transfer and email.
- Configure, manage and monitor FTP systems pertaining to security standard.
- Configure, manage and monitor outbound secure email gateway policies
- Analyze file transfers for encryption, file integrity and unauthorized disclosure, to ensure security/encryption policies are adhered to.
- Conduct periodic vulnerability scans on test, dev. and production systems to ensure all systems are in compliance with latest patches and Empyrean’s security policy
- Review vulnerability scan reports and manage a remediation process to mitigate risks.
- Conduct risk assessments on Active Directory, Windows and LINUX servers and network equipment.
- Perform audits of access control list of systems and applications.
- Set up requested FTP/SFTP sites.
- Manage all PGP encryption configurations and generation of public/private keys
- Manage master encryption key ring and Key Vault
- Conduct periodic audit to ensure encryption policy is being adhered to
- Monitor and manage Empyrean’s Domain, SSL/SSO certificates
- Assist with a developing and enforcing a DLP policy on endpoints at Empyrean.
- Working in conjunction with Empyrean compliance department, conduct security incident investigations and complete security incident reports
- Manage Empyreans penetration tests
- Bachelors Degree preferred 3 to 5 years equivalent experience in IT Security
- Has experience working with Secure email, FTP,SFTP,AS2 systems and applications
- Understanding and working knowledge of Public Key Infrastructure (PKI).
- Basic knowledge of networking protocols and the OSI and OWASP models.
- Knowledge of requirements mandated by regulatory laws such as, HIPAA and the Privacy Act.
- Knowledge FIPS 140-2 approved encryption algorithms such as AES, 3DES, IDEA and etc.
- Familiarity with NIST Special Publications as a guide for documenting security technology standards.
- Be familiar with the ISO 27002, HIPAA security framework.
- Be familiar SSAE-16, SOC l & ll audits
- Work toward good understanding of process flows as it relates to integrating MFT with Empyrean’s internal application.
- Solid background and understanding in net-working concepts, protocols, configurations, firewalls, routers, network/system/security devices
- Has experience or exposure to packet captures and analyze data using company approved sniffer tools.
- Working knowledge of Group Policy and Active Directory.
- Security certifications preferred (such as, CISSP, GIAC,CCFP,HCISPP, SSCP,CNP)
Back to top