The Security Analyst conducts risk assessments, prepares security reports, verifies use of encryption for data at rest, data in motion; performs compliance and vulnerability analysis; and conducts information technology security research as required. Reports to the IT Director
In this multifaceted role the diverse responsibilities will include:
- Verifying cybersecurity configuration for compliance
- Validating proper security procedures by system administrators and others with access to sensitive information
- Prepare security plans
- Perform security reviews and inspections of computer systems and networks
- Act as the site lead for security incident investigations, incident mitigation and clean-up, and may be involved in a wide range of information system security issues
- Network traffic analysis
- Application security
- Identity and access management
- Participate in design, testing, and implementation of state-of-the art secure operating systems, networks, and databases
- Design and deploy new systems, applications, and solutions for enterprise-wide cyber systems and networks
- Ensure system security needs are established and maintained for operations development, security requirements definition, security risk assessment, systems analysis, system design, security test and evaluation, certification and accreditation, systems hardening, vulnerability testing, incident response, disaster recovery, business continuity planning, and provide analytical support for security policy development and analysis.
- Integrate new architectural analysis of cybersecurity features and relate existing systems to future needs and trends
- Use advanced forensic tools and techniques for attack reconstruction
- Provide engineering recommendations
- Resolve integrations and testing issues
- May interface with external entities including law enforcement, intelligence, and other government organizations and agencies.
- May involve site security education and awareness training for employees.
- Other responsibilities as required by management
Minimum Educational Requirements for Competency
- BS Degree and 8 years of experience, 10+ preferred
- Five years of experience with managing information security for government contractors
- Working knowledge of the following regulations, standards, and publications: Federal Information Security Management Act (FISMA), Catalog of Minimum Acceptable Risk Standards for Exchanges (MARS-E), National Institute for Technology Standards Special Publications 800 Series including: 37, 47, 53, 66, et al, Industry best practices related to cybersecurity
- Working knowledge of security operations, security assessment and testing
- Recent experience with tools & technologies in data center environments including: Cisco Identify Service Engine (ISE), Cisco Advanced Malware Protection (AMP), Symantec Control Compliance Suite and Data Center Security (CCS / DCS)
- Working knowledge of cyber monitoring requirements, data center security controls mapping, systems / data integration and reporting frameworks
- Working knowledge of computer operating systems (Redhat Linux, Microsoft Windows), virtualization technologies (VMware, Hyper-V), and applications (such as MS Ofice, MS Project, Access, and Visio)
- Strong leadership and teambuilding
- Strong verbal and written communication
- Self-motivated, take initiative
- Some Afterhours / weekends required
- CISSP, CISA, CISM, CEH preferred
This position will be based in Alachua, FL.
To apply submit your resume to firstname.lastname@example.org with the position in the subject line.