|Title: Sr. Information Security Analyst|
Location: Boston, MA
Duration: 6 Months, Extendable
Advise our client in the development of new technology and tools throughout a project lifecycle, and support remediation of security vulnerabilities.
- Systems Requirements Planning
- Enable secure systems by evaluating network and security technologies, including local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; support the design of public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhere to industry standards.
- Systems Security Architecture
- Provide information security guidance and architectural support to customers throughout a project utilizing a risk based approach.
- Advise on the implementation of security technologies to strengthen IT architecture.
- Work with system owners to ensure that appropriate security controls are designed and implemented.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
- Document and maintain a log of information security risks associated with projects.
- Support the management and maintenance of security elements to ensure strong configuration.
- Advise on the remediation or patching of vulnerabilities.
- Create solutions that balance business requirements with information and cyber security requirements.
- Stay abreast of information security issues and regulatory changes affecting transportation at the state and national level.
- Update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Enhance department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
- Respond to each inquiry, whether from a customer, vendor or co-worker in a courteous and professional manner.
- Perform related duties and projects as assigned.
Preferred License and/or Certification:
- Bachelor's degree in related technical or engineering field or supplemental professional experience. Relevant experience can be substituted for degree.
- Demonstrated ability to perform a risk-based approach to securing applications, databases, or infrastructure.
- Demonstrated process orientation ? the ability to build repeatable and reusable processes.
- Excellent verbal and written communication skills.
- Knowledge of or experience with security architecture framework.
- Knowledge on threat landscape, security threat and vulnerability management, as well as security monitoring and analytics.
- Knowledge in compliance frameworks and requirements such as PCI, HIPAA, SOX, etc.
- Knowledge/experience with Tenable Security Center, IBM Qradar, Splunk, Varonis and MacAfee EPO or like solutions is preferred but not required.
CISSP, CISSP-ISSAP, CISSP-ISSEP, CEH, Security or equivalent.
The Company is an equal opportunity employer and makes employment decisions on the basis of merit and business needs. The Company will consider all qualified applicants for employment without regard to race, color, religious creed, citizenship, national origin, ancestry, age, sex, sexual orientation, genetic information, physical or mental disability, veteran or marital status, or any other class protected by law. To comply with applicable laws ensuring equal employment opportunities to qualified individuals with a disability, the Company will make reasonable accommodations for the known physical or mental limitations of an otherwise qualified individual with a disability who is an applicant or an employee unless undue hardship to the Company would result.