Participate in the monitoring of defense in-depth security measures, Data Loss Prevention (DLP), digital forensics, vulnerability assessments, penetration tests, hardware and software remediation strategies, malware prevention, security audits and remediation activities.
Actively participate in the monitoring and administration of all information security requests to ensure they receive proper verification, validation, and authorization prior to being approved.
Maintain up-to-date detailed knowledge of the Information security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
Provide support for security activities in the software/system development life cycle (SDLC) and application development efforts.
Assist with the administration creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures).

Bachelor's degree from four-year college or university (in Information Technology, Computer Science, or a related field preferred) plus 0-2 years of related experience; or equivalent combination of education and experience.
Prefer one or more of the following active certifications: CISSP, CISM, CISA, CEH, CompTia Security+, GCIA, GPEN or GSEC.
Experience working in an enterprise architecture, information security, information technology or information risk management related field.
Experience with technical security controls (e.g. AAA, multi-factor authentication, network or host based firewalls, network or host based intrusion detection/prevention systems, anti-virus, encryption, Virtual Private Networks (VPN), web application firewalls, configuration management, host hardening, continuous monitoring, incident response, or data loss prevention administration) within an organization or in a consulting capacity.
Experience conducting security and IT control audits assessments.
Experience working with vulnerability scanners.
Experience working with penetration testing tools (Metasploit, Nmap, and Burp Suite)
Must demonstrate understanding of infrastructure and application security requirements and architecture.
Demonstrated experience with security architecture solutions for large, critical systems and an understanding of Information Security standards, frameworks/methodologies, and best practice (NIST, ISO 2700x, CIS, ITIL, CoBIT, OCTAVE, GLBA).

Information Security Analyst, Associate

Key skills