Information Security Analyst I

GENERAL SUMMARY

The Information Security Analyst I is a member of the information security team and will work under the supervision of the ISO. The role will focus on the day-to-day monitoring of the credit union’s security tools and the remediation of incidents and vulnerabilities. This position is knowledgeable in standards relating to networking and Internet technologies and maintains current knowledge of software and network vulnerability trends and methods of remediation.

 

ESSENTIAL FUNCTIONS

Primary functions will be SIEM alert monitoring, threat hunting and vulnerability research, false-positive identification, and remediation projects.

  1. Assist in the day-to-day triage of various incidents, security alerts and events.
  2. Analysis of monthly internal and external vulnerability assessments and annual penetration testing results. Assist in the remediation of findings of all tests.
  3. Review new system designs and major modifications for security implications prior to implementation.
  4. Assist in evaluation of new tools such as EDR, malware, system monitoring, etc.
  5. Administration of phishing simulation program.
  6. Remediation of security-related helpdesk tickets.
  7. Assist and support the IT department with respect to IT security specific tools and processes.
  8. Maintains up-to-date knowledge of available and emerging network security and computer technologies through professional reading, attending industry conferences, and professional development (training, education, and participation in professional associations).
  9. Reviews advisories posted through FS-ISAC, CERT, NIPC (National Infrastructure Protection Center), Center for Internet Security, SANS and FBI and recommends appropriate security improvements.
  10. Assist with topics and ideas to keep security awareness training for staff updated and current.
  11. Maintain current knowledge of and compliance with all Credit Union policies and procedures, including compliance with the Bank Secrecy Act and all federal laws and regulations as set forth by the NCUA and other regulatory agencies.

Note: This list of essential functions is not exhaustive and is subject to change upon notice. It may be supplemented as necessary.

 

ADDITIONAL FUNCTIONS

  1. Attend periodic staff meetings to discuss areas of improvement, changes in procedures, and new developments or services related to achieving Credit Union strategic goals.
  2. Assist in training sessions aimed at increasing staff member comprehension of the credit union internal network and related systems.
  3. Attend educational courses, conferences, and seminars related to areas of responsibility.

 

JOB SPECIFICATIONS

  1. Requires 3-5 years relevant work experience or equivalent education.
  2. Security-related certifications are a plus but not required.
  3. Experience with security software, firewalls, network monitoring, etc.
  4. Experience in various operating systems, such as Windows and Linux variants.
  5. Some programming experience in languages such as Python, PowerShell, etc.
  6. Knowledge of software tools such as Wireshark, Tcpdump, Nmap, Zeek, Snort, Kibana.
  7. Basic understanding of networking protocols such as TCP/IP, DNS, HTTP/S.
  8. Ability to adapt quickly to rapidly changing technology.
  9. Ability to translate technical terms for non-technical persons.
  10. Excellent communication (written and oral), customer service and problem-solving skills. Must maintain a highly motivated and positive work attitude.
  11. Strong system analysis and troubleshooting skills.

 

PHYSICAL REQUIREMENTS

Sitting = Continuous                 Crawling = Occasional

Standing = Frequent                  Climbing = Occasional

Walking = Frequent                   Balancing = Occasional

Driving an automobile = Occasional   Reaching Overhead = Occasional

Lifting/Carrying = Occasional        Reaching Forward = Occasional

Amount of Weight = 25-50 lbs.        Kneeling = Occasional

Squatting = Occasional               Push/Pull = Occasional

Bending = Occasional                 Twisting = Occasional

 

DISCLAIMER

The information in this description has been designed to indicate the general nature and level of work performed by employees in this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.