Beacon Technologies is seeking an Information Security Analyst II. This individual is responsible for performing assigned tasks at an experienced professional level. Work is performed independently or in a collaborative team setting for larger or more technical activities. This position performs ongoing and specialized operational tasks in one or more functions, such as system configuration and compliance with security requirements, incident logging and reporting, security operations, system and end user security administration and access, etc. This position provides the client services to protect the confidentiality, integrity, and availability of information and technical environments and to support information security goals and objectives. This position is responsible for ensuring information security requirements within the organization are being adhered to.
• Evaluate and monitor Network Health’s compliance with regulatory and industry best practices for information security.
• Implement appropriate security frameworks and controls that enhance data security and protect information assets.
• Investigate alerts generated by security controls.
• Implement/provide recommendations to improve detection capability accuracy.
• Participate to the development/optimization of incident response standards and procedure to increase the organizations cyber resiliency.
• Coach and mentor junior resources.
• Analyze the enterprise information security environment and recommend security measures to safeguard valuable information assets.
• Help identify, evaluate, and report on information security risks.
• Collaborate with vendors and internal departments to recommendations to optimize performance of security controls.
• Collaborate with network and technology support team to enhance and improve security processes and documentation.
• Regularly evaluate and assess information security vulnerabilities, solutions, and organizational posture.
• Stays current with security technologies and threats in order to contextualize the events observed in the environment.
• Assist in providing initial assessment of impact severity for IT security incidents and executing the appropriate response.
• Perform daily operational tasks required for the department to protect the client's assets. Tasks range from (but are not limited to):
o Analyze security alerts
o Maintain endpoint protection infrastructure
o Facilitate risk evaluation related to vulnerability assessment findings and coordinate risk treatment
• Respond to reported information security critical incidents 24x7.
• Participate in risk assessments, security awareness training programs, ongoing security-based projects, and security policy/procedure development.
• Other duties as assigned
• Bachelor’s Degree in Computer Science, Information Systems or other related technical field, or equivalent work experience.
• 4 or more years of technical experience in Information Security and/or Information Technology (System Administration or Network Engineering) with at least 2 of those years in Security Operations (Incident Response/Handling).
• Experience and knowledge of at least two of the major security vendors relevant to the position.
• Working knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, ISO, ITIL).
• Working knowledge of the following subjects:
o Network (protocols, topologies)
o Security controls (proxies, IPS, IDS, Firewall and packet analyzers)
o Systems (Windows, Linux/UNIX)
o Software development (development / scripting languages)
o Incident Response
o Threat and Vulnerability Management
At least (1) of the following certifications required:
• (Preferred) Certified Information Systems Security Professional (CISSP)
• CompTIA Security+
• Certified Ethical Hacker (CEH)
• GSEC (SANS GIAC)
• Certified Information Security Manager (CISM)
• Or other relevant security certification