IT Security Analyst
Tential
 Cedar Rapids, IA

Role Overview:

This position requires a seasoned professional in IT Security and Compliance who independently implements security controls, analyzes and implements IT security devices and systems, and regulates network access. The professional will be responsible for a wide range of security responsibilities, with a focus on planning, analyzing and deploying solutions on premise while also considering cloud solutions in AWS or Azure. The professional is expected to work within cross-functional project teams and is responsible for the overall health and performance of a system, while frequently working with technology providers and developers to deliver and maintain secure solutions. The professional is expected to operate and perform at the highest levels of confidentiality and integrity.

Primary Responsibilities:

? Design, develop, test, integrate, implement and document information security solutions for all OSI model layers such as (but not limited to) proxies, remote access, firewalls/gateways and intrusion detection/prevention systems of moderate to high complexity

? Apply security policies to meet security objectives of the system

? Analyze current cybersecurity features, integrate new security features into existing infrastructures, and help to resolve integration and testing issues

? Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation

? Serve as a security technical lead on enterprise IT projects through the creation and implementation of detailed designs, as well as a security liaison while working with other security experts to identify and remediate security concerns during project implementation

? Properly document all systems security implementation plans, operations, and maintenance activities and update as necessary

? Subject Matter Expert on all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction

? Support complex operational tasks that are assigned as part of project implementation

? Assess adequate access controls based on principles of least privilege and need-to-know

? Perform detailed troubleshooting in support of system remediation efforts

? Act as security representative for cross-functional troubleshooting teams to aggressively identify and correct enterprise issues

? Mitigate/correct security deficiencies identified during security testing and/or recommend risk avoidance/acceptance for the appropriate senior leader

? Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities

Qualifications:

Basic Qualifications: Candidates for this role should possess a Bachelor’s degree and three years of prior relevant experience or in the absence of a degree, six years of prior relevant experience.

? Must possess a strong understanding of TCP/IP networking principles and secure coding practices

? Must be able to obtain a security clearance

? Must be able to independently own, lead and drive security projects to completion

? Must be a team player willing to engage and work with other team members

? Must be able to professionally frame risk management decisions, and work with leadership to determine best course of action for securely moving the business forward

? Must be able to professionally communicate security concerns and positions to non-security and/or non-technical audience

? Must have experience with Windows and Unix-based operating systems

Desired Qualifications

? Security certifications (e.g. Security+, GCIA, GCIH, CISSP, CEH, GIAC, AWS Cloud Architect/Security, or Microsoft 365/Azure Security)

Tasks:

? Apply security policies to meet security objectives of the system.

? Apply service-oriented security architecture principles to meet organization s confidentiality., integrity, and availability requirements.

? Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.

? Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.

? Implement specific cybersecurity countermeasures for systems and/or applications.

? Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

? Properly document all systems security implementation, operations, and maintenance activities and update as necessary.

? Assess the effectiveness of security controls.

? Assess all the configuration management (change configuration/release management) processes.

? Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements.

? Analyze and report system security posture trends.

? Assess adequate access controls based on principles of least privilege and need-to-know.

? Implement security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed.

? Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.

? Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.

? Verify minimum security requirements are in place for all applications.

? Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

? Work with stakeholders to resolve computer security incidents and vulnerability compliance.

? Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

#CB

#LI-WB

Support