Senior Security Analyst

Title : Senior Security Analyst

Location : Hybrid-Jacksonville, FL 32202

Duration : 12+ Months Contract

POSITION SUMMARY:
Professional work that implements, maintains and troubleshoots enterprise security systems in a complex, integrated information technology systems environment. Consults with internal business customers to determine security requirements. Provides technical advice and counsel to less experienced analysts.

Required to assist in maintaining 24 X 7 systems availability.
REQUIRED COMPETENCIES:
Advanced In-depth understanding of the required competencies with advanced skills and abilities, sufficient to successfully apply them under limited supervision in multiple situations.
Knowledge of:
Applicable programming languages and coding techniques.
Systems hardware, software and data communications functionality and capability.
Systems Development Life Cycle (SDLC) deliverables and tools.
Process management, performance tracking and measurement tools.
Data driven problem-solving techniques and technical report writing
Various cross-platform software systems.
Configuration management concepts and tools.
System and business architecture design concepts.
Information Technology Library Infrastructure (ITIL) framework and best practices.
Applicable industry standards for security systems.
Skill in:
Implementing, maintaining, and troubleshooting software systems.
Designing, creating, and interpreting flowcharts.
Testing software or hardware security installations, enhancements and upgrades.
Troubleshooting and resolving software related issues.
Ability to:
Oversee the work of others, and provide coaching, mentoring and training.
Set priorities and establish a systematic course of action to ensure accomplishment of objectives on time and within budget.
Deal with ambiguity and make decisions with limited information.
Exercise creativity and imagination in approaching assignments.
Quickly grasp new ideas and concepts.
Work well within a team and assist others with their assignments.
Acquire and maintain knowledge of the business of Technology Services products.
Research and acquire knowledge of developing information technology trends and emerging technologies.
Identify what issues need to be communicated and inform others.
Establish and maintain effective working relationships with internal customers.
Use communication skills, orally and in writing, with users with varied backgrounds and experience.
Follow through with commitments.
EXAMPLES OF PROFESSIONAL WORK:
May monitor the work of others and provide some coaching and mentoring.
Implements, maintains and troubleshoots software systems.
Performs security audits, risk assessment and analysis.
Tests software systems.
Makes recommendations for enhancing and formulating policies and procedures.
Consults with internal customers to identify and analyze needs and recommends solutions that meet business goals.
Resolves problems and provides technical assistance and training to users in software enhancements and upgrades.
Performs or ensures system administration tasks, including adding users, user groups and accounts are successfully accomplished.
Analyzes, diagnoses, troubleshoots and resolves software and production issues.
Writes or modifies basic scripts and performs light programming to resolve performance problems and automate systems administration tasks.
Resolves escalated problems and identifies and recommends responses to new or unusual situations.
Ensures system documentation and logs are maintained and procedures are documented.
Reviews research data; and performs or ensures testing and evaluation of vendor hardware, software and other system components is performed as required.
Manages vendor relationships.
Ensures that plans and procedures for operating under both normal and emergency conditions are accurate, appropriate and up-to-date.
Promulgates and enforces established technical and procedural standards.
Assists in disaster recovery testing.
Resolves escalated problems, responds to new and unusual situations and recommends solutions to systemic problems.
Participates in ongoing training to continuously upgrade technical knowledge and skills.
Performs other job-related tasks as assigned.
Additional Comments Regarding this Position:
SUPPLEMENTAL SHEET SECURITY ANALYST SENIOR
INFORMATION SECURITY (IS)
The following are in addition to the general specification description for this classification.

KNOWLEDGE, SKILLS, AND ABILITIES: Knowledge of:
Systems, data and network security administration, including firewalls, encryption technologies and network protocols.
Information Security Frameworks such as NIST Cyber Security Framework, Critical Security Controls, COBIT.
Infrastructure, sufficient to work across organizational lines with other teams to resolve problems and issues.
Local, state and federal emergency planning processes.
Skill in:
Designing, implementing, and administering information security systems including logical access.
Developing, installing, and supporting information security solutions.
Identifying and mitigating potential information security vulnerabilities.
Troubleshooting and resolving multiple information security issues.
Performing log analysis such as operating systems, networks, or applications
Scripting languages such as VBScript, Python, or PowerShell and Regex expressions.
Leading all phases of Incident Response process.
Operating systems, network/system architecture, protocols, and services.
Identifying and mitigating threats, vulnerabilities, and exploits.
Applicable programming languages and coding techniques.
Systems Development Life Cycle (SDLC) deliverables and tools.
Completing and adhering to enterprise change management processes.
Detailed log analysis utilizing a SIEM (Security Information and Event Management) and Raw logs.
Leading Security Operations Center operations and strategies functioning at all Tiers.
Security system analysis, design, programming and installation.
Network management protocols, architecture and authentication practices.
Infrastructure, sufficient to work across organizational lines with other teams to resolve problems and issues.
Profiling threat actors, to identify tactics, techniques, and procedures (TTP) of advance persistence threat operations.
Leading and coordinating threat hunting and analysis activities.
Driving and coordinating system optimization, tuning, and remediation initiatives.
Analyzing security controls and processes for continual improvement.
Performing computer forensics protocols and evidence gathering including acquisition, analysis, and reporting.
Executing activities in the areas of security risk identification, analysis, classification, and mitigation strategies.
Leading creation of information security regulatory requirements, security policies, and security best practices. Advises departments across the organization on appropriate controls consistent with security policies, standards, and best practices.
Cloud based services, offerings, and architecture such as SaaS (O365), PaaS, and IaaS in the cloud providers AWS and AZURE.
Advanced skills in using required software including Microsoft Office (Excel, Word, PowerPoint, Outlook) and Visio.
Ability to:
Creatively solve problems.
Research and acquire knowledge of developing information security trends, emerging technologies, and best practices.
Deal with ambiguity and make decisions with limited information.
EXAMPLES OF PROFESSIONAL WORK:
Implement, administer, monitor, maintain, and update user accounts, firewalls, virus prevention systems, and other security systems.
Including cloud-based services, offerings, and architecture such as SaaS (O365), PaaS, and IaaS in the cloud providers AWS and AZURE
Monitor the performance and health of systems, including assisting in responding to incidents and troubleshooting.
Perform intrusion detection analysis and researches attempted breaches of data security and rectifying security weaknesses.
Detect and investigate system vulnerabilities and abnormalities, mitigate, and prevent.
Trend security events for baselines.
Establish standards and perform audit of security controls.
Update communication platforms such as SharePoint for Security Awareness.
Establish and maintain inventory of systems, attributes and associated controls.
Investigate incidents including technical write up of events and trending.
Perform system design, installation and administration, including creation or editing of operational guides.
Test and evaluate new technology.
Perform vulnerability/pen testing including mitigation plans.
Analyze security requirements and provide objective advice ensuring adherence and implementation.
Design, analyze and implement effective information security systems and controls.
Configure, optimize, fine-tune, monitor, and maintain server operating system and system applications.
Write and/or edit Requests for Proposals (RFPs), Requests for Information (RFIs), Intent to Negotiate (ITN) related to technology projects.
Respond to evidence requests in support of regulatory compliance.
OPEN REQUIREMENTS:
Bachelor of Science (BS) degree in Computer Science, Information Security, or related discipline and four (4) years of professional experience in a system administration role in a large corporate environment.
-OR-
Eight (8) year combination of education, training and experience in installing, supporting, and maintaining servers and other computer systems in a large corporate environment.
Windows: Five (5) years of experience must be in a Windows environment.
LICENSE/CERTIFICATION/REGISTRATION:
Two (2) or more, or their equivalent:

DoD 8570 Certifications
GIAC Continuous Monitoring Certification (GMON)
GIAC Global Information Assurance - Public Cloud Security (GPCS)
Microsoft Certified Systems Engineer (MCSE)
Amazon Web Services Cloud Practitioner
Amazon Web Services Solutions Architect Associate/Professional
Amazon Web Services Certified Security Specialty
Azure Fundamentals
Azure Security Operations
Azure Security Technologies
Azure Security Engineer
Azure Solutions Architect
Aviatrix Certified Engineer (ACE)