Sr. IT Security Analyst - WideNet Consulting : Job Details

The Sr. IT Security Analyst is focused on safeguarding the organization's technology from risks and attacks. They play a crucial role in protecting the Company's technology from unauthorized access, threats, and vulnerabilities. This role involves monitoring, detecting, investigating, analyzing, and responding to security events. Additionally, they will implement and maintain defensive measures using cybersecurity systems, tools and best practices.Essential FunctionsSecuring the Company's Technology:Oversee access, identify suspicious activity, and recommend solutions to reduce risk and prevent cyberattacksPartner with other IT team members to secure networks, systems, applications, and the Company's sensitive information by ensuring that best practices are followed.Continuous development and use of modern security controls to protect the Company's endpointsTimely communication regarding security issues to peers and managementValidate security software and firmware updates are installed and current on all networks and systemsPerforming Security Assessments:Identify, assess and prioritize system vulnerabilities for timely remediationAssess and prioritize potential risks and their impacts on organizational assetsConduct or lead third parties through simulated attacks to identify and address security weaknessesAssess regulations and standards through regular audits and corrective actionsProvide input on security policies from assessments to address current threats and recommendations for organizational alignmentCybersecurity Incident Response and Disaster Recovery Planning:Respond to security incidents, including containment, eradication, and recovery effortsTimely communications and activation of Incident Response TeamConduct post-incident analysis to determine root cause and preventative measuresMaintain and update incident response documentation and toolsPlan annual Cybersecurity Incident Response and Disaster Recovery Tabletop exercisesEvaluate and update disaster recovery plans based on lessons learned and actual incidentsEducation, Audit and Compliance:Maintain and advance security awareness, phish testing and specialized training for employeesContribute to Informing staff about new security threats, policies, and procedures through regular updates and educational materialsConduct internal security audits, support external auditors, and ensure audit findings are addressedTrack and maintain all audit recommendations and report on remediation progressStay current with relevant laws, regulations, and industry standards, and assist in the development of policies to ensure complianceConsult on security policies and procedures and alignment with compliance requirementsManaging Business and Vendor Partnerships:Establish and sustain effective working relationships with internal IT teams and business partnersCollaborate with organizations such as the U.S. Coast Guard, CISA, MS-ISAC, MTS-ISAC, WA State Fusion Center, AAPA, Port of Seattle etc.Supervise and maintain relationships with the Company's Cybersecurity vendors, specifically for:Managed ServicesAnnual penetration testingAnnual security performance auditsAnnual incident response (IR) and disaster recovery (DR) tabletop exercisesVarious annual government and military assessments and auditsGovernance and Risk Management:Develop, update, evaluate, and help implement security policies, standards, and procedures to ensure they are in line with organizational objectives and regulatory mandates.Partner with stake holders to assist in the implementation and maintenance of a governance framework to oversee security initiatives, ensuring they are effectively managed and integrated across the organizationPartner with the Cybersecurity Oversight Committee to discuss risk, remediation and oversight (monthly)Conduct regular risk assessments and analyses to identify, evaluate, and prioritize potential security threats and vulnerabilitiesDevelop and implement risk mitigation strategies and controls, and continuously monitor and report on the effectiveness of these measuresRequired Education and ExperienceBachelor's degree in cybersecurity, computer science or information technology or related field is required. An additional four (4) years' experience in Cybersecurity may substitute for a bachelor's degree.A minimum of five (5) years progressively responsible Cybersecurity experience in risk management, governance, audit and compliance required.Experience working with the NIST CSF 1.1 or greater preferred.Preferred Professional Certifications:CCSP: Certified Cloud Security Professional (or related industry security certs)CEH: Certified Ethical HackerCISM: Certified Information Security ManagerCISSP: Certified Information Systems Security ProfessionalCompTIA Security+/CySA+Additional RequirementsKnowledgeDemonstrated knowledge of security protocols, incident response, threat analysis, vulnerability assessment, and security technologies.Knowledge and familiarity in NIST CSF 1.1+ and related cybersecurity standards, protocols, and regulations.Familiarity with security technologies, firewalls, IDS/IPS, antivirus, encryption, and vulnerability management tools.Knowledge of incident response processes, disaster recovery planning, and post-incident analysisUnderstanding of GRC frameworks to ensure the organization meets regulatory requirements and industry best practices.Awareness of how to develop, evaluate, and implement security policies and procedures in alignment with organizational goals and regulatory mandates.Knowledge of managing relationships with cybersecurity vendors and collaborating with external partners like government agencies and other relevant organizations.SkillsSkill in conducting risk assessments, identifying vulnerabilities, prioritizing remediation efforts to mitigate security risks.Advanced ability to perform technical security assessments, including vulnerability scanning, penetration testing, and threat analysis.Strong communication skills, both written and verbal, to effectively convey security issues, policies, and procedures to various stakeholders, including non-technical audiences.Proficiency in coordinating and executing incident response plans, including containment, eradication, and recovery, as well as conducting root cause analysis.Expertise in conducting internal security audits, supporting external audits, and ensuring compliance with laws, regulations, and industry standards.Skill in staying updated with the latest cybersecurity threats, technologies, and best practices, and applying this knowledge to the organization's security posture.AbilitiesAbility to analyze complex security incidents, assess the impact, and develop effective solutions to address vulnerabilities.Ability to work with cross-functional teams, including management, and external partners, to achieve security objectives.Capability to lead security initiatives, mentor, and influence stakeholders to adopt best practices in cybersecurity.Ability to monitor systems, detect suspicious activities, and ensure all security measures are implemented and maintained accurately.Ability to make timely, informed decisions in high-pressure situations, particularly during security incidents or breaches.Skill in managing cybersecurity projects, planning, and execution, to ensure they are completed on time and within scope.The anticipated hiring range is between $118,646 – $139,584 depending on qualifications.Health & Medical Benefits, 401K, Employee Assistance Program, and Sick Time applicable by state.