Information Security Analyst

CGS Careers

Job Summary

The Information Security Analyst supports the implementation and administration of information security policies, practices, procedures, and technologies to protect networks, systems, applications, and data. This role ensures compliance with security policies, standards, industry regulations, and laws. Responsibilities include monitoring security alerts, participating in incident response, performing security engineering tasks, and fulfilling audit and compliance requests. The analyst will work with IT and non-IT teams to resolve security events and recommend corrective actions.

Must Have

  • Monitor and respond to security alerts from EDR, email security, firewall, SIEM, IPS/IDS, etc.
  • Participate in incident response, including evidence collection and technical interviews.
  • Collaborate on SOC IR strategies and refine incident response playbooks.
  • Perform security engineering tasks like alert tuning and system maintenance.
  • Fulfill requests from audit, compliance, and regulatory functions (PCI DSS, SOX).
  • Work outside normal business hours when needed for diagnosis/implementation.
  • Bachelor’s degree in Computer Science, Information Security, or equivalent experience.
  • 2+ years of experience in security or highly technical IT fields.
  • Experience with the entire incident response life cycle.
  • Experience with information security technologies (IDS/IPS, SIEM, MFA, DLP, etc.).
  • Knowledge of TCP/IP and major application-layer protocols.
  • Understanding of network and application attacks (DoS/DDoS, SQL injection).
  • Working knowledge of IT security, compliance, and regulatory requirements (PCI DSS, SOX, HIPAA).
  • Ability to read, write, speak, and understand English in a business environment.

Good to Have

  • Python experience
  • Strong analytical and problem-solving skills

Perks & Benefits

  • Work from Home
  • Employee Belonging Groups
  • Healthcare: Dental, Medical, and Vision
  • Paid Vacation, Volunteer, and Holiday Time Off

Job Description

The Information Security Analyst will support the implementation and administration of information security policies, practices, procedures, and technologies to ensure the protection of networks, systems, applications, and data. This role will be looked to as an information security professional within the organization, helping ensure compliance with all security policies and standards, as well as with industry regulations and laws. This role will also be involved with day-to-day security operations by responding to security events of interest and recommending corrective action by working with IT and non-IT team members.

We are looking for an Information Security Analyst who will:

  • Monitor, respond to, and resolve alerts from security tools such as endpoint detection and response (EDR), email security, firewall, security information and event management (SIEM), IPS/IDS, Application Firewall, malware, change detection (FIM), user behavioral analytics, rogue wireless network alerts, and security system health monitoring.
  • Participate in the organization's incident response plan and perform incident reporting on an as-needed basis. Experience in incident response, including evidence collection and preservation, timelining activities, and conducting technical interviews. Experience with automated workflow tools and strong analytical and problem-solving skills; Python experience a plus.
  • Collaborate with team members and assist in developing and implementing SOC IR strategies, along with refining and testing incident response playbooks and procedures. Coordinate with internal and external stakeholders during incidents. Stay updated on emerging cybersecurity threats and trends.
  • Perform security engineering tasks as required to include alert tuning, system maintenance, determining and capturing key information feeds, etc.
  • Participate in and fulfill requests from audit, compliance, and regulatory functions, including but not limited to Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley (SOX), emerging state and Federal privacy laws, and general security auditing.
  • Must be able to work outside normal business hours when needed in order to perform diagnosis and/or implementation of product releases or changes so that normal business workflow is not interrupted.
  • This position requires domestic and/or international travel of up to 5%.

Is this opportunity right for you? We are looking for candidates with:

  • Bachelor’s degree in Computer Science, Information Security, related field, or equivalent experience
  • 2+ years of experience working extensively within security or highly technical IT fields
  • Experience with various functions within the entire incident response life cycle including security system engineering, alert monitoring, triage, incident analysis (host and network forensics, malware analysis, etc.) and incident management
  • Experience working with information security technologies, such as IDS/IPS, malware prevention, database activity monitoring, secure password repository, multi-factor authentication, SIEM, SPAM prevention, web content filtering, IdM/IAM, encryption and encryption key management, DLP, change detection, and vulnerability scanners
  • Knowledge of TCP/IP: must be able to demonstrate technical understanding of all layers of the TCP/IP stack, including familiarity with major application-layer protocols such as HTTP, HTTPS, FTP, SFTP, FTPS, SMTP, DNS, etc.; must be able to read and understand a packet trace; must be able to read and interpret network access control lists
  • A clear understanding of a variety of network and application attacks: examples include DoS/DDoS, buffer overflows, SQL injection, reconnaissance scanning, and evasive methods attackers use to avoid detection; must be able to demonstrate a minimum level of familiarity with well-known vulnerabilities and exploits
  • Working knowledge of IT security, compliance, and regulatory requirements, such as Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), and state and Federal privacy laws
  • Ability to read, write, speak and understand the English language in a business environment

CSGer Perks & Benefits

  • Work from Home
  • Employee Belonging Groups
  • Healthcare: Dental, Medical, and Vision
  • Paid Vacation, Volunteer, and Holiday Time Off
  • And so much more!

Position Pay Range:

This range represents the low and high end of the salary range for this position. Actual salaries will vary based on factors including but not limited to geographical location and experience.

$64,938.52-$103,901.85

This role is eligible for a bonus opportunity.
