Information Security Analyst 00720
CNU's Center For American Studies · Newport News, VA · 1 wk ago
Information Technology$69k–$89k/yrFull-time
About the role
The Information Security Analyst is responsible for implementing the campus' information security program to include reviewing security plans and role-based training requirements, operating security tools and scanners, and responding to security alerts.Responsibilities
- Review and update security plans and role-based training requirements.
- Operate security tools and scanners.
- Respond to security alerts.
Requirements
- Previous experience in an information security environment.
- Possession of a current and maintained Information Security certification.
- Experience documenting security issues.
Qualifications
- Education: High school diploma or equivalent education/experience that equates to a high school diploma.
- Experience: Previous experience in an information security environment.
- Experience with security awareness initiatives and training.
- Experience with information security to include managing systems security architecture, design, and/or operational planning on an enterprise level.
- Experience with information security to include managing systems security installation and risk remediation activities on an enterprise level.
- Experience with system authorizations and supporting security documentation development such as System Security Plans (SSP), System Access Requests, and Plans of Actions and Milestones (POA&M).
- Significant experience working with centralized logging solutions (Security Incident and Event Management, SIEM).
- Experience working with parsing events for SIEM ingestion.
- Developing SIEM dashboards/reports.
- Demonstrated hands-on experience with continuous monitoring, including vulnerability and compliance verification (using solutions such as Tenable Security Center / Nessus, Microsoft Defender, and/or other similar solutions).
- Experience working in a higher education environment.
Skills
- Knowledge of general concepts of information security best practices.
- IT Governance, Risk Management, and Compliance (GRC) knowledge, e.g., NIST CSF, NIST SP 800-39 and NIST SP 800-30.
- Knowledge of NIST SP 800-53 rev 5 security controls and the Risk Management Framework (e.g., NIST SP 800-37).
- Knowledge of vulnerability scanning and threat mitigation tools such as Microsoft Defender, Tenable Security Center / Nessus, Burp Suite.
- Knowledge of centralized log management tools such as Splunk, Graylog, Microsoft Sentinel, AWS CloudTrail.
- Knowledge of common vulnerability management frameworks such as CIS or STIGs.
- Knowledge of security concepts such as Least Privilege; and Separation of Duties.
- Ability to think critically, analyze risk, consider possible solutions, and make recommendations.
- Ability to communicate effectively both verbally and in writing with diverse groups of organizations and people.
- Ability to develop relationships with and provide guidance to all levels of management regarding employee system access.
- Willingness to be very flexible, ability to maintain the highest professional standards and competence to be accurate, thorough, and productive with all work.
- Understanding of system administration for both on-premises and cloud systems.
- Understanding of defense-in-depth and common security elements.
- Understanding of the IT Incident Response processes.
- Knowledge of regulations such as FERPA, GLBA, PCI.
- Knowledge of firewalls and IDS/IPS concepts, such as Palo Alto.
- Demonstrated understanding of technical, engineering, and programmatic capabilities related to information systems and/or subsystems.
- Familiarity with programming and query languages.