The Senior Information Security Analyst is responsible for helping to plan and carry out Denali AI’s information security strategy to achieve company-wide and departmental goals. The Senior Information Security Analyst plays a vital role in keeping the organization's proprietary
and sensitive information secure while recommending specific measures that can improve the company's overall security.
- Responsible for helping to apply, and developing security standards and best practices for the organization
- Perform security assessments & internal security posture reviews
- Perform vulnerability testing and penetration tests, both via internal tools as well as with formalized vendors
- Assist in company responses to security questionnaires from our customer bases
- Manage, and configure as needed, operational security infrastructure, including SIEM, Data Loss Prevention, anti-malware, encryption, multi-factor authentication, security management in a hybrid architecture using AWS/Azure cloud, and on-premise environments/applications
- Implement and develop mitigation strategies and controls to reduce overall risk
- Monitor, track, analyze, and record incidents to ensure protection from any potential leaks of malicious activity
- Manage Internet & Intranet security-based issues by performing firewall policy audits & reviewing security logs
- Identify control weaknesses, regulatory compliance issues, and potential areas of risk for all segments of the data processing and information technology business and provides management with a remediation plan for such issues
- Prepare recommendations and implement changes to work methods and procedures to make them more effective and/or to strengthen security measures
- Cross-train with team members on all other Information Security initiatives such as general Vulnerability Management, Security Reviews, Security Policy Compliance & Awareness, Customer Engagement & Security Certifications
- Analyzing security breaches to identify the root cause
- Research the latest information technology (IT) security trends
- Help computer users when they need to install or learn about new security products and procedures
- Collaborates with users to discuss computer data access needs, to identify security threats and violations, and to identify and recommend needed programming or process changes
- Uses data encryption, firewalls, and other appropriate security tools and applications to conceal and protect transfers of confidential digital information
- Develops and implements plans to safeguard digital data from accidental or unauthorized modification, destruction, or disclosure; adheres to emergency data processing needs
- Reviews violations of security procedures; provides training to ensure violations do not recur
- Monitors and restricts access to sensitive, confidential or other high-security data
- Modifies security files and applications as able and necessary to provide specialized access, allow new software to be installed or integrated or correct errors
- Performs risk assessments, audits, and tests to ensure the proper functioning of data processing activities and security measures
- Safeguards system security and improves overall server and network efficiency by training users and promoting security awareness
- Determines when to update virus protection systems by monitoring current reports of computer viruses; facilitates or performs needed updates
- Perform accurate and timely analysis and reporting of security of events from a wide variety of technology sources
- Serve as a project manager and lead for developing a security roadmap and individual projects
- Ensures Accountability
- Tech Savvy
- Communicates Effectively
- Values Differences
- Customer Focus
- Drives Results
- Plans and Prioritizes
- Decision Quality
This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets, and fax machines.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
While performing the duties of this job, the employee in this position frequently communicates with other co-workers/clients who have inquiries about the various projects and other needs. Must be able to exchange accurate information in these situations. The employee must be able to remain in a stationary position 75% of the time. The employee in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc. Constantly operate a computer and office machinery such as a calculator, keyboard, copy machine, and printer. Frequently moves boxes with equipment weighing up to 25lbs across the building and/or to other offsite buildings for various project needs.
Required Education and Experience:
- Bachelor’s degree in Computer Science or Engineering or related field (or work equivalent)
- 7+ years of experience
- 7 years of total experience in IT
- 5 years in InfoSec
- Certifications that support experience within IT security in one or more common frameworks
- Advanced knowledge of common security frameworks such as SOC 2/3, HIPAA, PCI, GDPR, NIST, etc.
- Advanced knowledge of common & current tools such as Rapid7, NESSUS, NMAP, Kali Linux, ZenGRC
- Complete audits with reputable 3rd parties such as Gartner or CoalFire
- Experience in information security management and related functions such as IT Risk Management
- Ability to align information security policies with business requirements
- Flair for translating information security requirements into IT security controls and measures
- Attention to detail
- Excellent communication skills – both written and oral
- Project management skills and an ability to translate business requirements into technical IT security deliverables
- In-depth knowledge of security protocols and principles
- Critical thinking skills and ability to solve complex problems
3MD Inc. is an equal opportunity employer and does not discriminate based on gender, sex, age, race and color, religion, marital status, national origin, disability, sexual orientation, gender identity or expression, veteran status, or any other category that is protected by applicable law.
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
Cyber Security Analyst