Enter the base name or location (i.e. "North Carolina" or "Pearl Harbor")
|Army||Air Force||Coast Guard||Navy||Marines|
IT Security Analyst
* Save Job
* Rate Job
* Report Job
* Share Job With Others
Fort Washington, PA
CON_CORP CON_IND CON_W2
IT Security Analyst
The ITSecurityAnalystposition reports to the Security Program Manager and supports the development, implementation, monitoring and maintenance of security controls, processes, procedures and systems. Provides guidance and management for information security projects and technical requirements. Supports security technology to ensure proper operation including upgrades and installations. Aids in facilitating security training and awareness delivery. Reports, records and works with departments to resolve security related issues and incidents.
If you are interested in this opportunity please apply through this post or send your resume email@example.com.
* Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
* Performs both internal and external vulnerability scans and analyzes information from those scans, as well as penetration tests, to mitigate and help other responsible parties address system vulnerabilities.
* Provides technical support in the development, testing and operation of firewalls, intrusion detection systems, enterprise anti-virus and log monitoring tools. Responsible for reviewing and approving all corporate firewall requests.
* Conducts analysis, develops technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to facilitate compliance with security policies, procedures, standards and guidelines.
* Develops security guidelines for system support personnel and provides security awareness and technical training as required.
* Stays abreast of the security threat landscape on the latest reported issues, communicates them to the teams and works on an issue resolution strategy.
* Verifies security patch processes to ensure critical patches are applied to systems properly.
* Performs product evaluations, recommends and implements products/services for network security. Validates and tests security architecture and design solutions to recommended vendor technologies.
* Assists in assessing impact on the business unit or customer caused by theft, destruction, alteration or denial of access to information.
* Assists in developing and maintaining security program metrics to measure program effectiveness.
* Develop and implement a formal security awareness program to make all personnel aware of the importance of cardholder and customer data security.
* Be the intermediate source for coordination of any IT security related incidents and is the point of escalation for security incidents.
* Tracks all security incidents thru the life cycle including follow up with lessons learnt and remediation measures to prevent similar future incidents.
* Experience with IT security standards and best practice frameworks especially PCI DSS and SOX. Familiarity with ISO 27001, NIST, Cobit, ITIL is a plus.
* Ability to work well with external auditors and internal teams to achieve compliance is a must.
* Must be able to identify and provide budget conscious mitigating or compensating controls for short or long term that satisfy the audit requirements as well as implementation by the network team.
* Knowledge of how to properly secure and audit Unix/Linux and Windows servers and desktop systems.
* Knowledge of common application vulnerabilities, current threat vectors and mitigations.
* Knowledge of IP protocols, networks, security architectures and security threats in an IP network.
* Hands-on experience with port and network scanners. (Nessus, Nexpose, Nmap)
* Experience working with IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail, Active Directory, LDAP, and access-lists.
* Experience working with internet and web application security techniques. (SANS, OWASP, WASC)
* Experience working with leading firewall, network scanning and intrusion detection products and authentication technologies. (Breach, Snort, Sourcefire, Cisco ASA)
* Experience working with logging and file integrity monitoring tools. (LogRhythm, Splunk, Tripwire)
* Preferred security certifications. (Security+, CISSP, CEH)
Education, Organizational and Interpersonal Skills
* Bachelor''s degree or equivalent combination of education and experience.
* Bachelor''s degree in computer science or related technical field preferred.
* 3 or more years of experience in network, host, data and/or application security in multiple operating system environments.
* Strong communication skills. (verbal and written)
* Strong analytical and problem solving skills with capacity to troubleshoot and resolve network/operating system security issues.
* Ability to independently manage projects and to balance and prioritize work tasks.
* Work well in a team environment and can lead and motivate personnel on a matrix team.
* Must be able to work extended or modified hours as required.
* May be required to be on call or provide support during major network upgrades or for incident response situations.