PERM: Nuclear Security Analyst (Encryption, End Point Forensics, Pen Testing, ingress/egress, Malware, Risk Assessments)

Nuclear Security Analyst, Encryption, End Point Forensics, Pen Testing, ingress/egress, Malware, Risk Assessments
Full Time
Depends on Experience
Travel required to 25%.

Job Description

TITLE: PERM: Nuclear Security Analyst (Encryption, End Point Forensics, Pen Testing, ingress/egress, Malware, Risk Assessments)

LOCATION: Corvallis, OR

DURATION: PERM

POSITION SUMMARY: The Information Security Analyst 3 will work on all aspects of information security at TEG Client.

The position is responsible for securing information in all its forms and reducing risk as it relates to TEG Client's data, facilities, and personnel through the deployment and operation of security tools and processes.

This includes architecture, policy, operations, development, training, and incident response. Is a senior technical escalation resource and liaison for client support teams dealing with endpoint, networking, and security issues.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

  1. Acts as a contact for escalations from client support for security-related issues and leads problem resolution.
  2. Leads the deployment and support of existing client programs where there is a security nexus.
  3. Ensures that security architectural and hardware changes do not introduce risk or adversely impact network and client support operations.
  4. Collaborates across the IT organization to ensure the needs of relevant stakeholders are addressed and participates in organization-wide projects.
  5. Monitors advanced security tools and analyzes data to detect and prevent possible breaches. Prepare reports as needed on security incidents; develop, lead, and implement remediation responses.
  6. Maintains the physical security and badging systems to protect TEG Client local and remote resources.
  7. Conducts vulnerability testing to detect problems with TEG Client networks and systems. Reports results to operations teams and advises on the remediation and possible impact.
  8. Serves on the TEG Client Incident Response team to quickly identify, contain, analyze, remediate, and document security incidents.
  9. Remote support and on-call hours may be required on a rotational basis.
  10. Continuously improve information security at TEG Client through research, testing, and implementation of new technologies, tools, and improvements to existing tools, processes, or designs; makes recommendations to the Information Security Manager.
  11. Performs other duties as assigned.

CORE COMPETENCIES: To perform the job successfully, the individual should demonstrate competencies in performing the essential functions of this position by performing satisfactorily in each of these competencies.

  • Problem solving: Identifies and resolves a diverse range of moderately complex problems in a timely manner, gathers and reviews information appropriately. Exercises judgment within company policies and practices; seeks input from other team members as appropriate for complex or sensitive situations.
  • Oral/written communication: Listens carefully and speaks clearly and professionally in all situations. Edits work for accuracy and clarity, Is able to create, read and interpret complex written information. Ability to build productive relationships with senior internal and external personnel in own area of expertise.
  • Planning/organizing: Prioritizes and plans work activities, organizes personal and project timelines and deadlines, tracks project timelines and deadlines, and uses time efficiently.
  • Adaptability: Adapts to changes in the work environment, manages competing demands and is able to deal with frequent interruptions, changes, delays, or unexpected events.
  • Dependability: Consistently on time and at work, responds to management expectations and solicits feedback to improve performance.
  • Team Building: Capable of developing strong interpersonal networks and trust within the organization. Leads consensus by involving all stakeholders, facilitating their understanding of differences, agreeing on requirements and constraints, and developing the best solution.
  • Safety Culture: Adheres to the TEG Client Safety culture and is expected to model safe behavior and influence peers to meet high standards.

MINIMUM SKILLS, QUALIFICATIONS AND ABILITIES:

  • Education: A minimum of a B.S. degree in Computer Science or other technical degree from a four year accredited college/university or 8 years related experience in lieu of degree. A CISSP or GSEC certification count as three years of experience. A security related certification (CISSP, GSEC, DoDD 8570, or similar) is required for this position.
  • Experience: A minimum of 5 years experience in complex IT environments or 8 years' experience if no degree. This includes direct experience facilitating company-wide security strategy and policy. Direct experience facilitating design, implementation and auditing of security controls to meet company strategy. A good understanding of applicable security, regulatory and audit frameworks. Must have familiarity working in a highly regulated industry and blending those into a startup company s culture.
    • The position requires very strong knowledge in the following areas as it relates to designing, implementing, supporting, and troubleshooting security incidents:
      • Microsoft and Linux operating systems/networking
      • Encryption technologies and implementations
      • Network devices, protocols, and sniffers
      • Security tools and processes (pen testing tools, forensic tools, risk assessment, etc.)
      • Strong understating of social engineering attacks
      • Knowledge of MS Exchange and other network mail systems
      • Blended attacks and advanced persistent threats
      • Understanding of normal and abnormal ingress and egress network traffic
      • Various ways malicious actors can hide malware, command and control traffic, and egress data
      • Understanding of public key infrastructure
      • Strong ability to do network and end point forensics including live RAM and disk systems
      • Scripting or programming (example: Powershell, Bash, BAT, VB Script, C#, ASP.Net, etc.)
      • Preferred skills and background in the following areas:
        • DoDD 8140 (DoDD 8570)
        • SEC501: Advanced Security Essentials - Enterprise Defender (GCED)
        • SEC503: Intrusion Detection In-Depth (GCIA)
        • SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling (GCIH)
        • SEC560: Network Penetration Testing and Ethical Hacking (GPEN)
        • Cyber Supply Chain Risk Management (C-SCRM)
        • NIST 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
          • Industry Requirements: Eligible to work under Department of Energy 10 CFR Part 810. Needs to have a strong understanding of information and cyber security as it relates to a R&D company in a heavily regulated space.
          • Quality Assurance: Demonstrated understanding and implementation of quality assurance regulations, standards and guidelines of 10 CFR 50 Appendix B, 10 CFR 21, and NQA-1 preferred.

          Posted By

          Tom Geist

          Dice Id : 10114457
          Position Id : 1730
          Originally Posted : 3 months ago
          Have a Job? Post it

          Similar Positions

          Security Operations Center Manager (SOC)
          • Volt Services Group
          • Hillsboro, OR
          Information Security Specialist
          • World Technologies, Inc.
          • Portland, OR
          Security Engineer I (A band level)
          • Apex Systems
          • Hillsboro, OR
          IT Security - Solutions Architect
          • Petroplan
          • Portland, OR
          System Designer - Physical Security
          • Brookfield Global
          • Portland, OR
          Incident Response/Forensics Engineer
          • Request Technology, LLC
          • Remote, OR
          LogRhythm SIEM Engineer
          • INFOMATICS
          • Remote, OR
          Cyber Security Engineer
          • VitalWare
          • Seattle, WA
          Information Security Analyst
          • Experis
          • Seattle, WA