Information Security Analyst

Job description

Information Security Analyst
Cleveland, OH (Hybrid, 2 days onsite/week downtown)
$100,000 – $115,000

Overview
In this critical role, the Information Security Analyst is expected to drive both tactical and strategic objectives within the Information Security team. This includes overseeing initiatives related to risk and vulnerability management, incident response, security architecture, cloud security, and vendor risk assessments. Duties will be primarily coordinated by the Information Security Manager, but candidates should be adept at working independently and recognizing opportunities to contribute to various information security projects. The ideal applicant thrives in a dynamic setting, can effectively communicate with both technical and non-technical colleagues, adeptly shifts focus depending on urgent needs, and possesses a strong desire for ongoing learning and professional growth.

KEY RESPONSIBILITIES
Key responsibilities include but are not limited to:

• Implementing security strategies as outlined by the Information Security Manager.
• Engaging in the Firm’s Vulnerability Management Program, collaborating with cross-functional teams to identify and mitigate security risks across the organization.
• Supporting the management of the Vendor Risk Management initiative by evaluating and addressing third-party risk assessments.
• Monitoring security alerts and taking action on notifications from various security systems (such as IDS/IPS, SIEM, AV/EDR).
• Designing, reviewing, and managing security controls for Azure cloud environments, including conducting audits.
• Employing scripting languages (PowerShell and Python) to automate processes and enhance security operations.
• Advising on IT projects to proactively address security considerations throughout project development.
• Collaborating with IT teams to implement security measures for various applications and platforms.
• Managing various endpoint and network security tools, including CrowdStrike, SIEM tools, and Fortinet or other advanced detection technologies.
• Utilizing vulnerability scanning, packet analysis, and exploitation tools such as Nessus, nmap, Wireshark, tcpdump, Metasploit, etc.
• Designing and assisting in the implementation of secure network architectures (e.g., network topology reviews and firewall ruleset evaluations).
• Applying controls from recognized security frameworks and standards like the NIST CSF 2.0 Framework, NIST 800-53, and CIS Controls.
• Monitoring and securing Microsoft client/server systems as well as Fortinet and Cisco (or similar) network devices.
• Contributing to the management and upkeep of user security policy training and awareness initiatives.
• Conducting security research to stay updated on emerging security challenges, legislation, and regulations impacting the Firm.
• Performing additional duties as assigned.

QUALIFICATIONS
To excel in this role, candidates must successfully carry out the essential duties listed above. The following qualifications reflect the requisite knowledge, skills, and abilities. Reasonable accommodations may be arranged for individuals with disabilities to perform essential tasks.

EDUCATION/EXPERIENCE:

• Bachelor’s Degree in Computer Science, Management Information Systems, or a related field, along with 5-7 years of IT experience, and 3-5 years specifically in Information Security across two or more of the following domains: Windows Systems Administration, UNIX/Linux Administration, Networking, Access Control, Incident Response, and Information/Data Security.
• Preferred Certifications:
  • Certified Information Systems Security Professional (CISSP).
  • GIAC GSEC, GCIH, GCIA, GCWN, or related certification.
  • CompTIA Security+, CySA+, Network+, CASP, or equivalent certification.
  • Microsoft Azure Security Certifications (e.g., AZ-500, SC-100 to SC-400).

TECHNICAL SKILLS:

• Proficient in Microsoft Office Suite, including Word, Outlook, Excel, and PowerPoint.
• Ability to quickly learn new software applications.

LANGUAGE SKILLS:

• Exceptional written and verbal communication skills, with the ability to build and maintain effective relationships with staff, trusted partners, attorneys, and clients. Credibility should be established through high-quality work and communications that demonstrate confidence, tact, persistence, and reliability. All written communications must be professional, concise, and accurate.

MATHEMATICAL SKILLS:

• Capability to perform basic mathematical operations including addition, subtraction, multiplication, and division across various measurement units, using whole numbers, fractions, and decimals.

REASONING ABILITY:

• Capacity to apply common sense in following provided instructions, whether in written, oral, or diagrammatic formats.
• Adept at solving problems with several concrete variables in established situations.
• Ability to define problems, gather data, establish facts, and reach sound conclusions.
• Skilled in interpreting a broad range of complex instructions and managing both abstract and concrete variables.
• Exhibit independent decision-making and strategic thinking capabilities.

OTHER SKILLS and ABILITIES:

• Strong organizational and planning skills with the ability to prioritize diverse tasks and projects to meet deadlines.
• Able to work effectively under pressure in a fast-paced environment.
• Robust analytical and organizational abilities, with a tolerance for ambiguity, enabling the handling of multiple projects simultaneously with minimal oversight.
• Demonstrated creativity, flexibility, persistence, high motivation, and the capacity to collaborate effectively within a team setting.
• Willingness to work overtime as required to fulfill the job’s essential duties, which may occasionally necessitate hours beyond 40 per week.
• Thorough understanding of technologies that can enhance operational efficiency within the firm.
• Ability to maintain confidentiality and handle sensitive information discreetly.

WORK ENVIRONMENT:
The characteristics of the work environment described here reflect what employees might encounter while performing the essential functions of the position. Reasonable accommodations can be made for individuals with disabilities to fulfill essential duties effectively.