Description:
The Cyber Security Analyst will help plan and carry out security measures to protect *** Energy information systems. Tasks include but are not limited to the following areas: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security.
Tasks And Responsibilities
- Serves as an internal information security consultant to the organization.
- Assists in the development and implementation of security policies and procedures.
- Initiates, facilitates and promotes activities to create information security awareness within the organization.
- Performs information security risk assessments and serves as an internal expert for information security related issues.
- Reviews all system-related security plans throughout the organization's corporate network.
- Monitors compliance with information security policies and procedures, referring problems to the appropriate department manager or business area.
- Supports the security incident response process.
- Provides input in selection of system software & hardware, with emphasis on security and compliance requirements.
- Provides incident and problem resolution.
- Supports development of security deliverables for enhancements to production systems and new development.
- Implements ongoing improvements to security configurations and operating procedures.
- Performs other duties as assigned.
Minimum Qualifications
- Bachelor’s Degree in Business Administration, Information Systems, Information Technology, Information Technology Security, Computer Science, Management Information Systems OR Information Security experience will be considered as a substitute for degree. Candidate must be actively pursuing completion of a degree listed above and self-studying to obtain at least one certification listed below.
- Knowledge of information technology security principles and methods
- Knowledge of vulnerability information dissemination sources (alerts, advisories, bulletins)
- Knowledge of key concepts in security management (vulnerability management, patch management, incident response)
- Experience with collecting data from a variety of cyber defense resources
- Skill in recognizing and categorizing various types of vulnerabilities and associated attacks
- Experience with using security event correlation tools (SIEM)
- Ability to conduct vulnerability scans and recognize vulnerabilities in information systems
- Ability to apply techniques for detecting host and network-based intrusions using various detection technologies
- Ability to interpret the information collected by network tools