LU - Security Analyst 8-11 - Focused HR Solutions
Columbia, SC
About the Job
This position is 100% on-site; remote work is not available. Our direct client has an opening for a Security Analyst, rec 10902-1. This position is up to 12 months, with the option of extension, and is in Columbia, SC, W2 only. Corp to Corps are NOT allowed for this client.
DAILY DUTIES / RESPONSIBILITIES:
- The Security Analyst is primarily responsible for assessing and evaluating the organization’s information & cyber security solutions and processes, as well as providing technical advisory to influence the design and implementation of security information technology systems and networks.
- The Security Analyst will guide junior analysts (Security Analyst I and II) to identify and address risks, and lead the response to information security issues.
- Candidates should be self-starters, creative problem solvers and have an eagerness to implement tactics, techniques and procedures that make the most effective use of Agency staff, resources, products and technologies quickly.
Technical Knowledge:
- Understanding of information technology and security concepts.
- Experience or knowledge of operating systems (e.g., Android, iOS, Linux, Windows, MVS, VMWare), cloud computing, networks, hardware and software platforms, and protocols as they relate to information security.
- Experience or knowledge in performing vulnerability assessments, including scanning, analysis of results, and manual validation.
- Experience with secure networking technologies such as network firewalls and IDS/IPS technologies, Network Security Monitoring expertise, and Security Information and Event Management (SIEM) systems.
- Experience in information security incident response and risk management.
- Experience managing and responding to information security risks, threats and incidents.
- Threat and vulnerability management; awareness of current threats to confidentiality, integrity, and availability of data and controls to mitigate threats.
- Strong working knowledge of applicable internal and/or external regulatory policies, standards, procedures and controls (e.g., Centers for Medicaid and Medicare (CMS) MARS-E 2.0, National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), and Federal Risk and Authorization Management Program (FedRAMP)).
- Experience or knowledge with the development and integration of RMF tasks and artifacts into the System Development Life Cycle (SDLC) is ideal.
- Experience or knowledge in security as related to multi-tenant, cloud services and vendor interface management would be considered desirable for this position.
- Working knowledge of TCP/IP and the functioning of its component protocols, and the ability to read and analyze them using various toolsets such as tcpdump, Wireshark, etc.; knowing how these tools work and what information they produce will be beneficial in this role.
- Understanding basic defense-in-depth principles such as secure system configuration, network segmentation and malicious code protection is a plus.
Information Systems’ Security Experience:
- Experience working in a SOC environment is preferred.
- Experience in operating and contributing to a security operations center responding to alerts and anomalies, creating and interpreting dashboards and triaging cross-functional teams is preferred.
- Hands-on experience in the secure implementation, operation and on-going maintenance of computer systems, software, hardware and networks is preferred.
General Duties and Responsibilities:
- Assist in the day-to-day duties of SOC monitoring activities, tools and processes
- Provide hands-on support for OCS security tools
- Conduct threat hunts (specialized searches) for evidence of compromise
- Monitor security technologies for alerts
- Investigate incidents, gather evidence, and analyze data
- Analyze anomalous activity and potential threats to Agency connected resources
- Collaborate with OCS Staff and other agency staff, leadership, business partners and other parties/stakeholders to support security and compliance risk mitigation efforts
- Other duties as assigned
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
- Must have hands-on experience or educational background in IT System Security or System Administration
- Experience with incident response procedures and practices
- Must be willing to learn and take on new tasks
- Willingness to work independently and as a member of a team
- Willingness to collaborate and coordinate with multiple teams and vendors
- Ability to multitask and prioritize tasks effectively in order to report on the status of assigned work
- Ability to multitask and prioritize tasks effectively in order to meet deadlines in a results-oriented environment
- Must have intermediate skills in Microsoft Office products (Word, Excel, PowerPoint, Visio) to include working with templates and style guidelines for branding consistency
- Strong understanding of enterprise operations & secure best practices
- Ability to absorb, retain and communicate processes
- Strong written and verbal communication skills.
- Ability to accept changes and constructive criticism and remain flexible in dealing with leadership and teams of varying technical and business knowledge.
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
- Prior Health Information Technology experience
- Centralized Log Management experience
- Familiarity with security regulatory requirements and standards (such as NIST 800 series, MARS-E)
- Experience performing or supporting information security compliance assessments and audits
- Work and/or consulting experience in federal, state, city or local government.
- SERVER ADMINISTRATION | No | 4 | Intermediate | Within 5 Years | 2 - 4 Years
- Cloud cloud platforms/environments | No | 2 | Advanced | Within 5 Years | 4 - 6 Years
- High School Diploma | Yes | 1 | Advanced | Currently Using | 2 - 4 Years
- Bachelor's Degree | No | 3 | Advanced | Within 10 Years | 2 - 4 Years
- Technical Certifications | No | 3 | Advanced | Within 10 Years | 2 - 4 Years
- KNOWLEDGE OF INFORMATION TECHNOLOGY FIELD, BEST PRACTICES, ORGANIZATION AND OPERATIONS | Yes | 1 | Expert | Currently Using | 4 - 6 Years
- Consulting Experience | No | 1 | Intermediate | Within 10 Years | 2 - 4 Years
- Cybersecurity | Yes | 1 | Expert | Currently Using | 4 - 6 Years
- Experience in projects involving PCI/NIST security implementations and/or audits. | No | 1 | Intermediate | Within 10 Years | 2 - 4 Years
- MARS-E | No | 3 | Intermediate | Within 5 Years | 2 - 4 Years
- Network Security Penetration Testing | No | 4 | Intermediate | Within 5 Years | 1 - 2 Years
- Network Security risk/vulnerability assessments | No | 4 | Intermediate | Within 5 Years | 2 - 4 Years
- Network Security Security Information Event Management (SIEM) systems development/configuration | No | 1 | Advanced | Within 5 Years | 4 - 6 Years
- Networking & Directories INCIDENT MANAGEMENT | Yes | 1 | Advanced | Within 5 Years | 4 - 6 Years
- Information Security | Yes | 1 | Expert | Currently Using | 4 - 6 Years
- Network security | No | 1 | Advanced | Within 5 Years | 4 - 6 Years
- Linux | Yes | 1 | Advanced | Within 2 Years | 4 - 6 Years
- Windows | Yes | 1 | Advanced | Within 2 Years | 4 - 6 Years
- Microsoft | Yes | 2 | Advanced | Currently Using | 4 - 6 Years
- Experience working with risk management | No | 1 | Advanced | Within 5 Years | 2 - 4 Years
- Firewall | No | 1 | Advanced | Within 5 Years | 2 - 4 Years
- Software development life cycle (SDLC) | No | 5 | Advanced | Within 5 Years | 4 - 6 Years
- NIST Security | Yes | 1 | Advanced | Within 2 Years | 4 - 6 Years
- Medicaid or healthcare experience | No | 1 | Intermediate | Within 10 Years | 4 - 6 Years
Additional Skills:
- Incident response – required
- Strong understanding of enterprise operations & secure best practices - required
- Strong understanding of information technology and security concepts - required
Source : Focused HR Solutions