Cybersecurity Analyst

Position Overview

The Cyber Security Analyst (CSA) plays a crucial role in securing the firm’s information systems by overseeing daily operations related to network, system, and application security. Reporting directly to the Information Security Manager, the CSA will provide expertise to safeguard IT systems and networks from cyber threats, ensuring robust security protocols and effective risk management.

The CSA leads initiatives like vulnerability management, annual cybersecurity assessments, and penetration tests, while also staying ahead of emerging cyber threats. This position focuses on proactive threat detection, analysis, and mitigation to secure the firm’s unique digital environment.

Key Responsibilities

• Proactive Threat Detection & Mitigation: Continuously monitor the environment to detect and mitigate cyber-attacks before they occur.
• Technical Expertise: Provide guidance and technical expertise on security-related issues to operational teams.
• Alert & Incident Response: Investigate and respond to real-time security alerts, reviewing incidents for potential breaches.
• Security Reporting & Compliance: Ensure adherence to security protocols and review reports for compliance issues.
• Threat Intelligence: Monitor online sources for emerging cyber threats and adapt security measures accordingly.
• Security Technology Assessment: Assess new security technologies and recommend enhancements.
• Vulnerability Assessment: Conduct regular assessments to identify weaknesses and proactively implement solutions.
• System Management: Manage security systems and platforms, ensuring proper maintenance.

Demonstrable Requirements

• Educational Requirements: A four-year college degree or equivalent industry training and certifications.
• Experience: 3–5 years of experience in a security analyst or related position.
• Technical Knowledge: Strong understanding of firewalls, routers, switches, VPNs, and operating systems.
• Microsoft Technology Platform: Expertise in Microsoft enterprise technologies (Azure, Active Directory, Office365).
• PowerShell Proficiency: Skilled in using Windows PowerShell for automation and scripting.
• Vendor Experience: Experience with security products like Splunk Cloud, Rapid7 Nexpose, and Sophos Antivirus.
• Communication Skills: Strong ability to articulate complex security concepts to technical and non-technical audiences.
• Threat Hunting: Experience in implementing and managing a threat hunting program.
• Compliance Frameworks: Knowledge of NIST, COBIT, and ISO security and compliance standards.

Desired Qualifications

• Certifications (Preferred):
  • Certified Ethical Hacker (CEH)
  • Certified Information Security Manager (CISM)
  • CompTIA Security+
  • Certified Information Systems Security Professional (CISSP)
  • GIAC Security Essentials Certification (GSEC)
• Hybrid Environments: Experience in managing both on-premise and hosted systems.
• Application & Database Security: Familiarity with securing applications, including threat modeling and secure coding practices.