Please send your resume in WORD format should you be interested in the following Information Security Analyst position. Our client is based out of the New York, NY 100041482 area. This is a Full-time/Direct-Hire/Permanent role with a salary range of $170K + bonus and great benefits.
Job Title: Information Security Analyst
Location: New York, NY (Hybrid 2/3 Day WFH)
Salary: $170K + bonus and great benefits
3rd Party C2C/Transfer: No
Referral Fee: $500 - refer qualified colleagues, friends and family
Vaccination Required: YES
Please reply with an updated resume in Microsoft Word format
This position works with the Director of Infrastructure & Security on the maintenance and implementation of the Firm’s Information Security and Management System, as well as day-to-day monitoring of information security alerts, threats, and threat intelligence. This position also works closely with engineering resources on all teams to ensure procedures are followed and established high standards for information security are met.
The Information Security Analyst position will report directly to the Director of Infrastructure & Security.
Principal Duties and Responsibilities
- Manage, configure, and support on-premise and cloud-based information security monitoring systems including, but not limited to, Dell SecureWorks, Microsoft Office365/Azure security consoles, Cisco Umbrella and Palo Alto Panorama.
- Review and triage information from the sources listed below. In all cases, provide analysis, determine, and track remediation, and escalate as appropriate.
- Information security monitoring systems
- Third-party threat intelligence
- Vendor vulnerability information
- Coordinate activities of vendors performing vulnerability, risk analysis, and penetration testing.
- Oversee and coordinate remediation steps with responsible Information Systems teams and other departments as needed.
- Manage and oversee internal department auditing function, which includes a review of user accounts; elevated privileges; patch and security configuration status; and information access.
- Manage the maintenance and development of the policies and procedures related to the Firm’s Information Security Management System (ISMS).
- Actively participate in the Firm’s Computer Security Incident Response Team (CSIRT) and Information Security Forum (ISF).
- Participate in the client security assessment and review process including communication with the client information security team, completion of written assessments, a compilation of requested evidence, and participation in client audits.
- Performs other related duties as required by the Firm
Position Specific Skills and Requirements
- Strong knowledge of current security threats, techniques, and landscape, as well as a dedicated and self-driven desire to research the current information security landscape.
- Ability to research, develop, and keep abreast of tools, techniques, and process improvements in support of security detection and analysis in accordance with current and emerging threat and attack vectors.
- Strong understanding of internal control concepts and policies with a focus on improving process/procedure manuals and documentation.
- Familiarity with the ISO 27001 certification process a plus
- Strong knowledge of Incident Analysis and Response concepts and techniques, including incident tracking process, root cause, lessons learned and process improvements.
- Strong writing skills.
- Working knowledge of network devices and architecture, TCP/IP, network protocols, server operating systems, vulnerability scanning, endpoint protection, intrusion detection, firewalls, and content filtering.
- Knowledge of MFA, PKI, Palo Alto, Cisco ASA, IDS/IPS, KiWi, SolarWinds, Nessus, Windows, Linux/Unix, VMware, IDS/IP, forensic discovery, Certificate Authority (CA), PKI, Kerberos, SSL, HTTPS, LDAP, Active Directory, Group Policy, DNS, NTFS, SharePoint, Remote Access, Citrix, VDI, ACLs, etc
- Experience with various social engineering, and penetration testing approaches/tools for vulnerability identification, enumeration, and purposeful exploitation to determine the security posture of a network, system, or application's security configuration
- Ability to handle sensitive and/or confidential material and information with suitable discretion
- Ability to take on additional tasks as defined by the Director of Infrastructure & Security.
- Excellent communication skills
Education and General Requirements
- Bachelor’s degree, preferably with the strong academic record.
- Information Security certification is strongly preferred.
- Attributes expected of all candidates include responsibility, honesty, reliability, initiative, patience, attention to detail, determination, taking pride in one’s work, and a desire to learn.
- Interpersonal skills are necessary to interact and work productively as part of the Information Systems team, delivering high-quality services to the Firm and our clients.
- Ability to meet deadlines and effectively complete operational and project-based assignments.
- Ability to communicate effectively, in person and in writing, with Firm personnel at all levels and outside parties as necessary.
- Ability to work independently.
- Attendance Requirements:
- On-site during normal working hours and available as necessary before or after normal working hours to work at the Firm, over the telephone, or at off-site meetings, to meet the demands of the job and the needs of the Firm.
- Expected to carry a wireless email device and respond when necessary.
- Travel Requirements:
- Ability to engage in off-site travel as required from time to time, to meet the demands of the job, and the needs of the Firm.