INFORMATION SECURITY ANALYST / ENGINEERInformation Security Analyst
Full Time Direct Hire
Salary is DOE (target is ~95-115k + bonus)
San Diego, CA 92128 (Carmel Mountain, off the 15 and 56)
Required Skills / Experience:
Minimum 2+ years Information Security (with current experience) and additional IT experience
Experience dealing with compliance standards and requirements (NERC, PCI, SOX, etc.)
In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
Extensive knowledge and understanding of Patch Management and malware protection.
Cybersecurity event monitoring and log analysis.
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
Knowledge of encryption tools and concepts including: PGP, PKI, and digital certificates.
Knowledge and understanding of conceptual security design considerations in Internet firewalls, LAN, WAN, file Server, PC, TCP/IP and VPN environments
Knowledge of network infrastructure, including routers, switches, firewalls, and associated network protocols and concepts.
CISSP, CISA, CRISC, CISM or equivalent security certification.
Bachelor's degree in computer science or related field.
Knowledge and understanding of Security information and event management (SIEM) for advanced threat correlation and analysis.
Experience managing and leading Security projects, including defining requirements, developing project plans, and delivering results.
Knowledge of Microsoft server operating systems, Active Directory, SharePoint, file and print servers, networking protocols, firewalls, and vulnerability scanning tools highly desired.
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST.
Knowledge and understanding of relevant legal, regulatory and reliability requirements, specifically Federal Energy Regulatory Commission (FERC) and North American Electric Reliability Corporations (NERC).
Knowledge of cybersecurity event monitoring and logging functions for regulated NERC CIP SCADA and other Industrial Control System environments is a plus.
Experience with SolarWinds Network Configuration Manager, Server & Application Monitor, Patch Manager, and Log & Event Manager.
Experience with Lockheed Martin Industrial Defender and BMC Footprints Modules.
Strong team player.
Strong organizational skills to handle multiple priorities.
Excellent oral and written communication skills.
Heavy focus on compliance for the first ~6mo+
Responsible for cybersecurity event monitoring and log analysis that will comprise a large majority of the individuals time and efforts. The role of satisfying this requirement will be extremely important towards the success of the individual and the Security team.
Assist in the implementation of security configuration and operations standards for security systems and business software applications, including policy assessment and compliance tools, network security appliances, and host-based security systems
Will be involved with ongoing integration with the audit group. Receives audit findings, and manages the collection of responses and remediation plans with owners. Responsible for the execution of IT self-audits, sufficiency reviews, and risk assessment activities
Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes.
Provides guidance for security activities in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required.
Oversight of security-related platforms, change management, etc.
May be involved with the maintenance of information security policies, standards and guidelines as required.
Participate in infrastructure projects to develop requirements, plan, and implement specifications for network and distributed system security technologies in support of key information systems.
Identify, triage and communicate known control weaknesses, such as unnecessary services or applications or redundant user accounts, as a means of hardening systems in accordance with security policies and standards.
Research, recommend, evaluate and implement information security solutions that identify and/or protect against potential threats, and respond to security violations.
Ensure that IT global initiatives and standards are achieved within scope of responsibility.
Follows industry best-practices for security incident, problem, and Change Management (ITIL).
Reports on information security metrics to demonstrate control effectiveness.
Develops and promotes activities to create information security awareness within the organization.
The Information Security Analyst is required to work closely with the other members of the Information Technology team to develop and implement a comprehensive information security program. This includes defining security policies, processes and standards. The security analyst works with the IT department to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained and Change Management processes and procedures are developed and maintained. This role will also assist in enhancing security awareness education and on-going security awareness communications.
The security analyst will be extensively involved with security event monitoring and activities identifying, evaluating and reporting on information security that supports the risk posture of the enterprise. Specific reliability standards and regulatory requirements crucial to the position include knowledge of current Critical Infrastructure Protection (CIP) reliability standards as set forth by the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporations (NERC). Responsible for analyzing the enterprise information security environment and recommending security measures to safeguard its valuable information assets. The security analyst acts as an advisor to the enterprise's business units, as well as to other risk management functions, such as the enterprise risk management, audit, and business continuity management and compliance organizations.
Leading Renewable Energy Company
Medical (multiple options including one that is 100% paid)
Dental and Vision
Discounted Onsite Lunch
Click here to send us your resume