Softpath System Llc
Harlan, IA 51537, USA
Dec 11, 2019
Information Security Analyst

Responsibilities include:
- Review vulnerability scan results and make recommendations to mitigate risk.
- Review system logs to determine information security risks and make recommendations to remediate.
- Review risk assessments and recommend changes in policy or procedure to improve compliance to security controls and/or security best practices.
- Facilitate completion of risk mitigation tasks by working with vendors and in-house staff. In some cases, conduct the risk mitigation task directly.
- Be familiar with security controls (CIS, for example) and analyze possible gaps in controls in SOS environment.
- Review daily information security news/alerts and understand how new vulnerabilities may affect SOS infrastructure.
- Lead person to conduct PCI compliance self-assessment questionnaire (in collaboration with other staff).
- Provide regular "information security training tips" to SOS staff that are relevant to current events and risk mitigation.
- Facilitate communication between SOS IT Staff and security vendors.

Responsibilities

Daily review of security logs
- Ability to use SIEM products/security dashboards to view and analyze data
- Ability to interpret log data to determine risk
- Ability to plan/facilitate/perform mitigation tasks

Review security risk assessments and plan/execute mitigation tasks
- Ability to prioritize mitigation tasks identified in risk assessment documentation
- Ability to plan/facilitate/perform mitigation tasks

Review security vulnerability scans
- Ability to prioritize remediation tasks identified in vulnerability scans
- Ability to show risks are remediated
- Ability to plan/facilitate/perform remediation tasks

Keep informed on daily security news and vulnerabilities
- Ability to understand how new vulnerabilities may affect SOS environment
- Prioritize/Facilitate/Plan remediation of new vulnerabilities that affect SOS environment

Security Controls
- Review security controls and analyze possible gaps in SOS environment
- Prioritize/Facilitate/Plan mitigation of security control gaps

Compliance
- Lead staff person overseeing PCI compliance
- Responsible for PCI SAQ
- Responsible for tracking quarterly PCI vulnerability assessments
  - Schedule, review, remediate issues

Information Security training
- Provide regular email/blog "security tips" so staff can improve their information security understanding and awareness
- Provide short presentations on information security topics as requested for division/department meetings

Other duties
- Work with leadership and technical staff to plan/execute proactive security plans
- Point of contact for SOS in working with firewall vendor
  - Facilitate firewall upgrades
  - Facilitate firewall reviews (IPS follow-ups)
  - Review firewall logs
- Review/Comment on security policy implementation

Skill (Required / Desired, Amount of Experience)
- Experience with system and network administration (network, servers, etc.) (Required, 5 Years)
- Extensive knowledge of information security principles (Required, 5 Years)
- Experience in security audit, assessment and vulnerability scan methodologies, standards, procedures and best practices (Required, 5 Years)
- Experience in information security operations (Required, 5 Years)
- Strong oral and written communication skills and ability to communicate with all levels of stakeholders (Highly desired)
- CISSP, CISA, CISM, Security+ or other information security certification (Nice to have)
- Ability to work independently with limited supervision and limited direction, and in collaborative team environments (Highly desired)
- Experience using security tools that include (but are not limited to): SIEM product, vulnerability management, network monitoring, etc. (Required, 5 Years)
- Ability to analyze data and understand where security risks exist (Required, 5 Years)
- Ability to train non-technical staff (verbally or in written form) about information security principles (Desired)
- Understanding of information security controls and how to implement controls where gaps exist (Required, 5 Years)
- Experience with PCI self-assessment questionnaire (Desired)

Associated topics: forensic, identity, iam, leak, phish, protect, security, security engineer, threat, vulnerability