Overview
The Associate Security Analyst, under the general direction of the Manager, Information Security, assists in the creation and implementation of security solutions. Provides information to management regarding impact on the business caused by theft, destruction, alteration, or denial of access to information and systems. Performs risk assessments, assists with incident response, responds to customer security questionnaires, evaluates vendor security documentation, and coordinates Security Program efforts including ISO27001/SOC 2 certifications.
Responsibilities
Essential duties and responsibilities include the following. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Operates formalized Information Security programs and processes such as Vulnerability Management, Risk Assessment, Third Party Assessments, System Hardening and Security Requests
- Perform risk assessments for systems and services
- Design controls to mitigate risk
- Tests security control implementations for effectiveness of design and operation
- Supports the technical execution of established Information Security protocols such as Incident Response and Event Monitoring
- Maintains security and compliance performance metrics
- Communicates and collaborates effectively with both technical and non-technical teams/business units
- Researches and prepares periodic and ad-hoc reports of Information Security program execution
- Develops and maintains documentation for supported policies, processes and procedures
- Performs ongoing research of Information Security related topic
- Supports with execution of fixes as guided by the team
- Provides after-hours support on an as needed basis
- Performs additional duties as assigned
Qualifications
To be considered for and to perform this job successfully, an individual must be able to perform each essential duty and responsibility satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required.
Qualifications include:
- 0-3 years cybersecurity/SOC experience
- ISO 27001/SOC 2 Type 2 certification experience
- Working experience of public clouds (AWS, Azure, Google) preferred
- IT administration experience a plus
- Knowledge of application security and devsecops a plus
- Bachelor’s degree in Computer Science or Information Technologies required or equivalent experience
- Information security certification or related certifications highly desirable
Skills include:
- Able to work independently and willing to learn
- Problem-solving and analytical skills
- Strong verbal and written communication skills
- Leadership and/or mentorship skills