Information Security Analyst
- Washington, DC
- Full Time
- Information Technology
Title: Information Security Analyst
Reports to: Director, Information Technology
Job Summary: Develop, implement, and manage the information security policies, processes, and controls in concert with IT leadership to directly support Heritage’s enterprise goals. Work closely with the Cloud Infrastructure Engineer, Systems Administrator and Service Desk Lead to anticipate, identify, and resolve security issues. Act as principal designer for security architecture including applications, data, and infrastructure, serving as subject matter expert on information security practices.
- Collaborate with IT leadership to develop the IT security program, including primary responsibility for execution of the security awareness program, penetration testing, tabletops, vulnerability scans, breach and attack simulations, audits, assessments, etc.
- Refine information security policies, procedures, and practices to audit, assess, and mitigate risk within Heritage IT systems.
- Consult on information security decisions in systems design and implementation (data storage, compute, identity management, network management, and endpoint management).
- Analyze and improve security information and event management practices to collect and synthesize data on Heritage activity.
- Continually improve the data classification system by refining the data catalog and tiered security requirements. Regularly assess compliance of systems with relevant security requirements.
- Prepare relevant team members through incident response (IR) planning exercises and assessments, including tabletops, audits, etc. Develop IR playbooks for key response scenarios.
- Formulate IR procedures for approval by IT leadership. Organize IR efforts in accordance with procedures. Investigate active incidents through SIEM, endpoint, network, and cloud security tools, including threat hunting. Prepare post-incident documentation and reports for approval by IT leadership.
- Analyze and administer Security Awareness Program, including reporting with regular comparisons to benchmark organizations.
- Supervise day-to-day IT log review and event management, adapting to relevant threat intelligence and escalating material issues through established protocols.
- Work with key security vendors. Develop and maintain relationships with the security community, including industry, to advance Heritage’s security posture.
Education: Bachelor of Science (Master's preferred) in Computer Science, Systems Engineering, Cybersecurity, Information Technology or related area.
CISSP, GIAC Security, EC-Council, or CompTIA Security+ certifications (preferred).
Microsoft Certified: Enterprise Administrator, Security Operations, Security Engineer, Identity and Access Administrator, Information Protection (preferred).
Experience: A minimum of 8 years of relevant IT implementation experience with at least 5 years in a senior technical capacity. A minimum of 5 years of experience in Cyber Security. 5+ years of experience architecting with 3rd party integration and/or cloud SaaS/PaaS. 3+ years of experience working with applications, data, and technology disciplines, gained in security-sensitive environments. Working knowledge of NIST Cyber Security or equivalent frameworks.
Communication: Strong verbal and written communication skills.
- Ability to troubleshoot problems and anticipate consequences of actions.
- Maintain strict confidentiality with all proprietary information.
- Availability to work on-site as needed to meet IT objectives.
- Superior technical and analytical skills.
- Detail-oriented with a keen sense of follow-through.
- On-call responsibilities as assigned including occasional after-hours needs.