Location: Hanover, MD, USA
Overview:
Job Summary:
The Information Security Analyst will provide service and operational support to all ACS Information Security Office service offerings and capabilities. The InfoSec Analyst will support project work upon request.
This position will support the security incident response system as well as the threat detection systems that monitor the environment. The Information Security Analyst is responsible for analyzing and documenting security incidents, participating in the litigation hold processes, and ensuring that security events are properly enumerated, resolved, and accounted for in the ITSM tools.
The Information Security Analyst will support all GRC initiatives, participating in compliance audits and reviews of both systems and processes that govern the operations of Allegis IS and the personnel responsible for supporting these same systems.
Required in-office presence at least 4 days per week
Responsibilities:
Essential Functions:
- Work incidents and requests from the Security ticket queue
- Handle security escalations, identify and resolve critical security events requiring additional/specific investigation, triage, and mitigation
- Assist the Information Security, Legal and Compliance teams in the creation of procedures, technical documentation, and completion of project tasks as required
- Generate and present reports aggregating incident data
- Review purchasing agreements, questionnaires, contracts and statements of work to ensure compliance with company security standards and requirements
- Provide guidance and support to the Legal and executive requests for data gathering and analysis
- Document and report assessment and incident findings to the Security Operations Manager and ISO
- Collaborate with IS management, the corporate Legal department, safety and security, and law enforcement agencies to manage risks and security vulnerabilities
- Collaborate with other IS groups to implement Information Systems policies, procedures, standards and guidelines
- Perform the operation of related compliance monitoring, auditing, and improvement activities to ensure compliance both with internal corporate policies and applicable laws and regulations
- Represent the Information Security role in the Change Management, Incident Management, Patch Management, and Problem Management processes
- Actively participate in the IT security community to stay abreast of current standards and best practices
- Maintain an industry standard information security certification
- Prepare reports that document general metrics
- Support the on-boarding of new InfoSec employees and contractors
- Ability to work off-hours to handle security alerts and changes to InfoSec technologies
- Perform other related duties as assigned
Qualifications:
Minimum Education and/or Experience:
- Bachelor's degree in the field of MIS, computer science, information systems or computer engineering or equivalent experience
- 2 to 4 years of experience
- Ideal candidates will hold one or more of the following certifications: NET+, SEC+, SANS GIAC (GISF, GSEC or other)
- Experience with Agile methodology a plus (ACP)
Skills/Abilities:
- Data Loss Prevention technologies
- Security Operations Centers
- Encase Litigation/Hold process solutions
- Rapid7/NeXPOSE security scanning and management tools
- Experience with Microsoft O365, Microsoft Defender for Cloud, .NET, Active Directory, ADFS, Windows/Linux, SQL Server, Azure AD, VMware/Citrix, Salesforce.com
- Incident and Problem management system support
- Basic understanding of network, host, data, integration, and application access security in multiple operating system environments (Windows, Solaris, Linux, etc.)
- Basic understanding of Information Security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists
- Basic understanding of Internet, web, application and network security techniques
- Experience in successfully deploying new business processes and technologies
- Basic understanding of network scanning and intrusion detection products
- Basic understanding of Data Loss Prevention and threat detection systems
- Basic understanding of Federal/International regulations related to information security (FISMA, Computer Security Act, Safe Harbor, HIPAA, etc.)
Core Competencies:
- Build relationships
- Develop people
- Lead change
- Inspire others
- Think critically
- Communicate clearly
- Create accountability