The IT Security Analyst plays a key role in the process of planning, implementing and monitoring IT Security controls. The Security Analyst is a member of the technology team working with stakeholders at all levels of the organization providing technical assistance and communicating the state of information security, informing of possible risks, and suggesting ways to improve security.
DUTIES & RESPONSIBILITIES
- Assist with the process of evaluating the Vermont Mutual infrastructure, training, procedures, and policies to identify areas that may not support the desired risk levels for the data held by Vermont Mutual.
- Participate in research initiatives relating to solutions that can help mitigate undue risk to the data held by Vermont Mutual. This will include reporting on findings and developing recommendations for solutions that Vermont Mutual should look to adopt.
- Provide technical support during the adoption of solutions that support the mitigation of unacceptable risk levels for data held by Vermont Mutual.
- Provide tier three support for security specific solutions including firewalls, content filters, anti-malware, intrusion detection/prevention, auditing/testing, incident response, and cryptography systems.
- Maintain assessment systems for measuring compliance of company policies, procedures, security training programs, technical infrastructure, third party partner SLA’s and agreements, applications and development efforts against Vermont Mutual defined compliance baselines.
- Provide guidance and security policy interpretation to managing risk on Windows servers and desktops, Active Directory (Group Policy), network communications, company data stores, perimeter networks, virtual private networks, and e-mail communications.
- Work with the Infrastructure team and third party solutions to interpret activity from system logs and network traffic in an effort to recognize and react to anomalies that may indicate vulnerabilities or unauthorized exploitation of resources.
- Make recommendations and assist with remediation of critical vulnerabilities as they are discovered or disclosed by vendors or other third parties.
- Assist Internal Incident Response process to the extent required based on the scope of the incident. Participate in post-event activities to prevent future occurrences.
- Work closely with the IT Security and Compliance Program Committee to identify compliance baselines from security frameworks including NIST 800-53, legislative requirements and corporate objectives.
- Work with business unit leaders and senior IT team members to identify the risk value of Vermont Mutual data and the required business operations that work with the data.
- Keep current with emerging security alerts, technologies, issues, and solutions.
- Provide escalation for on-call security support to end-users as following established IT cyber security incident playbook.
- Performs other duties or special projects as required or as assigned.
General supervision is received from the IT Security Engineer, Director of IT Infrastructure, or other senior staff members.
- Bachelor's degree in computer science or equivalent, plus one to three years of relevant network experience with a strong concentration on security, or a combination of education, certification, and experience from which comparable knowledge and skills are acquired.
- Have obtained the Systems Security Certified Practitioner (SSCP) certification or ability to obtain within the first year of employment.
- Applied technical knowledge of modern Microsoft Windows server and desktop operating systems, TCP/IP networking, firewalls (preferably Sophos), intrusion detection/prevention systems, network auditing systems, SIEM aggregation, anti-malware systems, and other industry accepted security technologies.
- Ability to conduct detailed research and evaluation of security issues and products as required.
- Strong analytical thinker with the drive to solve problems.
- Strong interpersonal and communication skills, including verbal and written.
- Strong organizational skills.
PHYSICAL DEMANDS/WORKING CONDITIONS
- Predominately sedentary office position with high frequency of keyboarding/computer work required.
- Off hour and weekend work may be required.
- The physical demands are minimal and typical of similar jobs in comparable organizations.
- The work environment is representative and typical of similar jobs in comparable organizations.
How to Apply:
Submit cover letter, salary requirements and resume, in strict confidence.