IT Security Analyst

Job#: 2083607

Job Description:

Role: IT Analyst

Location: REMOTE

Position Overview:

The IT Security Analyst improves the security posture of the Institute through network monitoring, incident response, vulnerability management, security awareness, and compliance-related work. Analysts utilize multiple technologies to detect and respond to security incidents and recommend the appropriate controls to community members to mitigate threats and vulnerabilities. The position collaborates with teams across the Institute to develop and implement security standards and compliance requirements to support the research and educational mission.

A successful IT Security Analyst possesses a broad understanding of networking, security, and system administration concepts. And possesses a working knowledge of security best practices, exploits, threats, and vulnerabilities across computer platforms. The role requires an individual who can foster innovation and experimentation by applying original thinking, expertise, and professional experience to solve problems and develop new solutions.

Essential Functions:

Incident Management:

Monitor multiple security technologies using a Security Information and Event Management (SIEM) tool to detect IT security incidents.

Investigate detections to determine if true or false positive, utilizing knowledge of the security tools, networking, software, and systems. Determine the impact of incidents to Institute data and systems.

Compile data and reports for operational analysis and respond to incidents with the appropriate communication, following established procedures.

Continuously improve processes, suggesting new alerts, creating dashboards, opportunities for automation, etc.

Security Operations:

Develop and manage security services such as network-based vulnerability scanning, virus management, and intrusion detection.

Consult with clients on the data classification of their information resources.

Assess threats and vulnerabilities regarding information assets and recommend the appropriate information security controls and measures.

Strategy and Planning:

Support the planning, execution, and management of multi-faceted security projects.

Actively participate in the Security team's planning activities.

Research and review new or updated internal or third-party security applications.

Evaluate and recommend tools and solutions that provide security functions.

Communications:

Communicate with all levels of management across the Institute to resolve technical and procedural information security risks.

May represent the IS&T Security team among various departments, labs, centers, and committees.

Collaborate on projects to ensure that security issues are addressed throughout the project life cycle.

Provide reports to management concerning residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.

Compliance:

Stay abreast of new developments within the legal and regulatory environment impacting the Institute.

Maintain an up-to-date understanding of industry best practices, threats, exploits, and trends.

Contribute to the development of security standards and compliance requirements of applications, network infrastructure, servers, and workstations.

Document IT security policies, procedures, and standards.

Education and Outreach:

Develop IT security awareness and compliance training programs in collaboration with team members.

Conduct IT security awareness training sessions for students, faculty, and staff.

Coaching and Mentoring:

Provide ongoing knowledge transfer and training with team members upon technology implementation.

Provide technical coaching and mentoring less experienced team members.

May guide IT colleagues on the usage and administration of security tools that control and monitor information security.

Additional responsibilities as requested and/or required.

Required Qualifications & Technical Skills:

A bachelor's degree (or equivalent work experience) and a minimum of 5 years of experience in cybersecurity, information systems, or another related field are required.

2 years of information security experience required.

Possess a working knowledge of security best practices, threats, exploits, and trends across computer platforms.

Must possess an understanding of networking and system administration concepts and common log types.

Demonstrated experience with security tools such as vulnerability scanners, endpoint detection and response, Intrusion Detection Systems (IDS), SIEM, etc.

Must possess an understanding of common phishing techniques and experience analyzing email headers.

Strong analytical skills with the ability to break down raw information and undefined problems into specific, workable components.

Desired Qualifications & Technical Skills:

Related security certification (i.e., Certified Information Systems Security Professional (CISSP), etc.).

Proficiency with scripting languages (i.e., Python, Ruby, PERL, etc.).

Experience with ticketing systems such as ServiceNow.

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click for more details.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.