Title: IT Security Analyst
Salary: up to about $90k plus benefits, etc. (Based on Experience)
Location: Parsippany, NJ (Onsite for the first 6 months – then moves to a Hybrid work model)
Industry: Medical
** US Citizen or Permanent Green Card holder only please **
*** Local candidates only ***
**** No C2C ****
Job Description:
Under direct supervision of the Information Technology Director, this position supports the department goals of protecting the organization's information assets. As part of the Information Security Team led by the Corporate CISO, you will monitor the organization’s networks for security breaches and investigate violations when they occur. Prepare reports that document security breaches and the extent of the damage caused by the breach. Research the latest information technology (IT) security trends and assist with the development of security standards and best practices for the organization. Assist with the response to customer security questionnaires for the organization and medical instruments. Recommend security enhancements to management or senior IT.
Essential Duties & Responsibilities:
- Proactively threat hunt by performing analysis of events in the current SIEM and other SOC tools looking for malicious activity and other security related events that were not identified by the automated processes.
- Respond to customer security questionnaires and inquiries around the firm's security program and medical instruments.
- Regularly review logs and reports of all critical information systems. Identify potential security incidents and provide expert analysis on any events of interest.
- Respond to security incidents, including providing post-event analyses and developing procedures for responding to future incidents.
- Conduct regular audits to ensure that systems are being protected and that data is secured. Identify potential weaknesses and implement measures to prevent security breaches.
- Provide daily operational support to end users with Information Security concerns/questions.
- Assist in the development of security policies, standards, and procedures. Ensure these policies are implemented and followed throughout the organization.
- Ensure the safety of information systems assets and protect systems from unauthorized access by performing system access reviews (for internal applications and Cloud services) and documenting any findings.
- Monitor and respond to security system alerts and notifications.
- Investigate/escalate security incidents.
- Perform information security risk assessments on products, processes, vendors, and systems with consideration of good security best practices and the company's overall risk appetite.
- Document and manage security exceptions, violations, incidents and other risk concerns to closure.
- Develop content and action tuning requests to improve alert fidelity and reduce false positives.
- Assist in security awareness training for the organization.
- Maintain Loopio database for security questionnaires.
- Analyze current IT systems, architectures, and processes. Identify risks, opportunities, faults, and areas for development.
Education & Requirements:
- Associate or Bachelor’s degree required in Computer Science, Information Technology or related field. Must have a minimum 2 years of experience working in an IT security role. Security related certifications, CISSP desired but not required.
- Strong understanding of security principles such as attack frameworks, threat landscapes, attacker, etc.
- Proven experience as a Security Analyst or similar role.
- Knowledge of various security methodologies and processes, and technical security solutions (firewall and intrusion detection systems).
- Knowledge of TCP/IP Protocols, network analysis, and network/security applications.
- Familiarity with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing.
- Past experience working in a SOC environment.
- Previous experience in Network monitoring platforms.
- Knowledge of industry best practices and experience with both hardware and software systems.
- In-depth knowledge of Windows operating systems; other operating systems such as Linux are a plus.
- Must have knowledge of MS Office tools, Visio, Teams.
- CISSP, ISACA, CompTIA Security, Microsoft security a plus.
- Experience in ISO certification environment is a plus.
- Excellent analytical and problem-solving skills.
- Strong interpersonal skills with the ability to influence others in a positive and effective manner.
- Ability to work in a team environment.
- Ability to work under pressure in a fast-paced environment.
- Up to 10% travel may be required.
Ability to speak French is a plus (not a requirement)