Job Title: Senior Cyber Security Analyst - Direct Hire / Full Time / Perm
Job Location: Albany, NY
Job Type: Full Time / Perm / Direct Hire + Benefits
"US citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor H1b candidates at this time."
- Senior Cyber Security Analyst is a member of the Security team and works closely with the other members of Information Technology to develop and implement a comprehensive information security program.
- This includes a primary focus on detecting and preventing information security and cyberthreats to our organization.
- The incumbent will be required to connect dots where they may not have existed before and correlate data in novel and interesting ways to determine weaknesses within our infrastructure (software, hardware, networks, etc.) to find creative ways to protect it.
- This position will be responsible for advanced investigations, monitoring and incident response. Provide advanced support to initial response teams, and assist and train staff in troubleshooting.
- The person in this role is responsible for advanced security program tasks and support of daily operations as needed.
- An ideal candidate has a passion for information security, problem solving, documentation, communication, organizational collaboration, and attention to detail.
- This individual will be empowered to help guide our security operations program by recommending improvements and seeing them implemented. The senior analyst helps to develop and challenge existing processes and tools that focus on incident response, threat identification, analysis, and remediation.
- Oversee and support daily security operations to grant and protect systems against unauthorized access, modification and/or destruction
- Perform high risk changes to systems like firewalls, filters, anti-virus and document standard changes
- Design and improve monitoring systems and alerts, also support alerts and incident investigations as needed to support Analysts
- Update network security policies, application security, access control and corporate data safeguards
- Design and improve vulnerability and networking scanning assessment process and reporting
- Support and educate users on security requirements of our networks
- Conduct data breach and security incident investigations
- Compile evidence and ensure documentation for legal requests or internal investigations
- Evaluate and remediate findings from security audits, risk analysis, network forensics and penetration testing
- Liaison with other cyberthreat analysis entities and managed services
- Respond to security-related operational support and incidents, on and off hours as needed
- Develop automation and process improvements throughout cyber program
- Investigate incidents, act as an incident handler and follow incident response procedures
- Compile and track metrics for the cyber program
- Document and train Security Analysts and perform planning, implementation and upgrades
- Perform vulnerability testing, risk analyses and security assessments
- Design and document implementation, procedures and processes of networks, IDS, IPS, etc.
- Collaborate with colleagues on authentication, authorization and encryption solutions
- Evaluate new technologies and processes that enhance security capabilities
- Support Security Analysts in triage and response to security alerts and perform root cause analysis
- Define and implement corporate security policies, standards and procedures
- Support and develop security awareness, procedures and training
- Keep abreast of emerging technologies, software and methodologies
- Stay proficient in forensic, response and reverse engineering skills
- Support program execution and review security gap assessments, policies, procedures, playbooks, training and tabletop testing
- Develop and implement automation and process improvements to processes and procedures
- Respond to information security issues during each stage of a project's lifecycle
- Perform all assigned work to meet expected delivery and schedules and perform other duties as assigned
Security Domain Skills and Knowledge Required:
- Access Control Systems and Access Methods
- Applications and Systems Development Security
- BCP and Disaster Recovery
- IS Audit Procedures / Processes
- IT Service and Delivery
- Law, Investigation and Ethics
- Operations Security
- Operational Security protection of assets
- Response Management
- Telecommunications and Network Security
Security Domain Skills and Knowledge Desired:
- Cryptography / Encryption
- Information Security Program Management
- Information Security Governance
- Industrial Control Systems/SCADA
- IT Governance
- Physical Security
- Risk Management
- Security Architecture and Models
- Security Management Practices
- Systems and Infrastructure Lifecycle management
- Bachelor's Degree in a Computer Science, Information Assurance, engineering or related technical or business discipline.
- Minimum 3 years quality experience (or a minimum of 5 years directly related experience for non-degree holders) including at least 2 years in cybersecurity.
- CISSP: Certified Information Systems Security Professional or multiples of the following
- CEH: Certified Ethical Hacker
- GCIH: GIAC Certified Incident Handler
- or other industry equivalents
- Minimum 5 years quality experience (or a minimum of 8 years directly related experience for non-degree holders) including at least 3 years in cybersecurity.
- CPT: Certified Penetration Tester
- CSSA: Certified SCADA Security Architect