Security analyst to work on security initiatives defined by the Information Security Unit.
Experience in the field of Information Systems Security
Required. CISSP, CISM, CISA, or System Administration, Networking, and Security Institute ("SANS")/Global Information Assurance Certification ("GIAC")
Certifications preferred. Cisco or Microsoft certifications preferred, with extra preference given to advanced Cisco or Microsoft certifications such as Cisco Certified Security Professional ("CCSP"), Cisco Certified Network Professional ("CCNP"), Cisco Certified Design Professional ("CCDP"), Cisco Certified Internetwork Expert ("CCIE"), or Microsoft Certified Systems Engineer ("MSCE").
Analyst must have a working knowledge of relevant NIST and/or CIS information security regulations and guidelines.
Working knowledge of IT Security Best Practices regarding (a) networks and networking including protocol analysis, anomaly detection, and troubleshooting, and/or (b) working knowledge of IT Security Best Practices regarding Windows and *nix Servers and workstations required. Significant working experience with vulnerability assessment tools including but not limited to the following technologies: databases, web-based applications, Windows and *nix file servers and data networks.
Required/Desired Skills | Skill | Required /Desired | Amount | of Experience |
| Knowledge of networking protocols and systems architecture | Required | 7 | Years |
| Knowledge of Operating Systems (Windows, Linux, Unix) | Required | 7 | Years |
| Understanding of web applications, databases, and cloud technologies | Required | 7 | Years |
| Knowledge of firewalls, antivirus software, and endpoint protection solutions | Required | 7 | Years |
| Ability to identify security vulnerabilities and recommend remediation actions | Required | 5 | Years |
| Intrusion Detection and Prevention Systems (IDPS) | Required | 5 | Years |
| Incident Response | Required | 5 | Years |
| Critical thinking and analytical skills to assess and respond to security incidents | Required | 5 | Years |
| Security information and event management (SIEM) | Required | 5 | Years |
| Data loss prevention | Required | 3 | Years |
| Threat & vulnerability management | Required | 3 | Years |
| Security Awareness & Training | Required | 3 | Years |
| Cybersecurity Digital Forensics | Desired | 5 | Years |
| Certificate Management | Desired | 3 | Years |
| Security Certification (CEH, CISSP, GIAC, CRISC, CCNP/CCNA, Comp TIA Security certification(s), et al | Desired | 3 | Years |
| Network Detection and Response (NDR) | Desired | 3 | Years |
| Cybersecurity Framework (NIST CSF, HIPAA, PCI DSS, CIS, et al) | Desired | 3 | Years |
| Cloud security posture management (CSPM) | Desired | 3 | Years |
| Network access control | Desired | 3 | Years |
| Security Operations Center (SOC) | Desired | 3 | Years |
| Penetration Testing | Desired | 3 | Years |
| Static Application Security Testing | Desired | 3 | Years |
| Dynamic Application Security Testing (DAST) | Desired | 3 | Years |
Questions | No. | Question |
| Question1 | Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you agree to this requirement? |
| Question2 | What is your candidate's email address? |
| Question3 | Where does your candidate currently reside (City & State)? |