Location: East Montpelier,VT, USA
This position is being recruited as a Security Analyst I or II. All experience levels are encouraged to apply. The IT Security Analyst I plays a crucial role in safeguarding Vermont Mutual's digital assets and information. The primary responsibilities include monitoring security alerts, conducting vulnerability assessments, and implementing security measures to protect against potential threats. The IT Security Analyst I will work closely with the IT team(s) to identify and mitigate security risks, participate in incident response activities and ensure compliance with security policies and regulations. A significant focus will be on data security and cloud security to protect sensitive information and ensure the integrity of both cloud-based and on-premises systems. CHARACTERISTIC DUTIES & RESPONSIBILITIES Monitor security alerts and respond to incidents promptly. Keep current with the latest security trends and technologies. Conduct vulnerability assessment and recommend mitigation strategies as they are discovered or disclosed by vendors or third parties. Assist with evaluating Vermont Mutual's infrastructure, training, procedures, and policies to identify areas that may not support the desired risk levels for the data held by Vermont Mutual. Assist in the implementation and maintenance of security measures and systems. Implement and manage data security measures to protect sensitive information from unauthorized access, disclosure, alteration and destruction. Ensure the security of cloud-based systems by implementing best practices for cloud security, monitoring cloud environments, and responding to cloud security incidents. Ensure the security of on-premises systems by implementing best practices for on-premises security Participate in research initiatives relating to solutions that can help mitigate undue risk to the data held by Vermont Mutual. Report findings and develop recommendations for solutions. Provide tier three support for security specific solutions including anti-malware, intrusion detection/prevention, auditing/testing, incident response, and cryptography systems. Maintain assessment systems for measuring compliance of company policies, procedures, security training programs, technical infrastructure, third-party partner SLA's and agreements, applications and development efforts against Vermont Mutual defined compliance baselines. Work closely with the IT Security and Compliance Program Committee to identify compliance baselines from security frameworks including NIST 800-53, legislative requirements and corporate objectives. Provide guidance and security policy interpretation for managing risk on Windows servers and desktops, Linux systems, cloud systems, data stores, perimeter networks, virtual private networks, and e-mail communications. Work with business unit leaders and senior IT team members to identify the risk value of Vermont Mutual data and the required business operations that work with the data. Provide escalation for on-call security support to end-users as following established IT cyber security incident playbook. Perform other duties or special projects as required or as assigned. SUPERVISION RECEIVED General supervision is received from the IT Security Manager, Director of IT Infrastructure, or other senior staff members. QUALIFICATIONS Bachelor's degree in computer science or information security, plus one to three years of relevant information system's experience with a strong concentration on security, or a combination of education, certification, and experience from which comparable knowledge and skills are acquired. Basic understanding of cybersecurity concepts and principles including data and cloud security. Knowledge of security tools and technologies. Systems Security Certified Practitioner (SSCP) certification or ability to obtain within the first year of employment. Additional certifications such as Certified Cloud Security Professional (CCSP), AWS Certified Security - Specialty, and Certified Data Privacy Solutions Engineer (CDPSE) are highly desirable. Ability to conduct detailed research and evaluation of security issues and products as required. Strong analytical thinker with the drive to solve problems. Strong interpersonal and communication skills, including verbal and written. Strong organizational skills. PHYSICAL DEMANDS/WORKING CONDITIONS Predominately sedentary office position with high frequency of keyboarding/computer work required. Off hour and weekend work may be required. The physical demands are minimal and typical of similar jobs in comparable organizations. The work environment is representative and typical of similar jobs in comparable organizations.