| Cyber Security Analyst || USC, GC || Please do not submit fake visa at Remote, Remote, USA |
| Email: [email protected] |
| Title Cyber Security Analyst Location REMOTE with travel once a quarter to CA Visa : USC, GC Duration 6+ months contract to hire Drivers license with current address and expiration date if the home address isnt on the DL, Client wont accept MUST HAVES: Professional IT Security certifications such as CySA+, CISSP, CISM, CISA, CRISC Completed at least one system migration to Cloud Working knowledge of Active Directory, Tools for monitoring trends related to Security Event Management, Vulnerability Assessment, Intrusion Detection; O365; Azure, SSO Understanding of SIEM, AV/patch/vulnerability management, and CIS hardening JOB SUMMARY The primary role of the Cyber Security Analyst is to support the Information Security Officer (ISO) with maintaining the healthy cybersecurity posture of the company by focusing upon adhering with the FFIEC Cybersecurity Assessment Tool (CAT). The objectives are enforcement and monitoring of user/data/system security and integrity in accordance with the Corporate Information Security Policy along with legal and regulatory compliance and recognized standards from International Standards Organization (ISO), National Institute of Standards and Technology (NIST) and Center for Internet Security (CIS). The Analyst also contributes materials and time on activities involving audits, examination, and testing of IT/IS/Cybersecurity controls and design. PRINCIPAL RESPONSIBILITIES AND DUTIES SECURITY MONITORING/AUDIT Monitoring of information security and cybersecurity is to occur daily. Documented procedures and checklists are used to base the completion of routines associated with continuous monitoring functions. The Analyst is responsible to ensure that monitoring is sufficiently robust to reduce risk. Duties include policies configuration, software inventory oversight, malware defense checks, threat insight, and outsourced services oversight. Adhere with CAT declarative statements up to the Banks maturity level relevant to this task. APPLICATION SYSTEMS SECURITY The Analyst will verify appropriate security is applied to shared applications maintained at the Bank. Access rights are applied based on need, information sensitivity, information integrity, and resource management. Policies are maintained that define the standard methods of security implementation for applications. Documentation is developed for non-standard implementation or when inaccessible from the application. Duties include the support and testing, commenting on change control items reviewed in the Change Advisory Board of new or changed security functionality within the applications under review and the random certifications, audit & monitoring of users to oversee appropriate use principles are adhered with. THREAT INTELLIGENCE/PROFILING The Analyst will participate actively in forums to acquire threat intelligence and apply insights to profiling their probability of relevance with posing a cybersecurity risk for the Bank. Utilize insight with tactics, techniques, and procedures (TTPs) from MITRE Attack Framework as applicable. Engage during vendor selection, testing and remediation phases of the annual penetration exercise. Assess penetration test engagement scope and results. Contribute to remedial actions on findings reported. Adhere with CAT declarative statements for this domain in accordance with the Banks maturity level. THREAT MANAGEMENT TOOLS The Analyst will conduct audits whose frequency is risk-based. The reviews of multiple tools implemented to establish the presence of insider threat, endpoint threat, network access control, vulnerabilities exploitation, or anomalous actions. Adhere with CAT declarative statements for the controls domain in accordance with the Banks maturity level. BUSINESS CONTINUITY/DISASTER RECOVERY/INCIDENT RESPONSE The Anlayst supports the maintenance of policies, procedures, and guidelines for information systems incident response and contingency plans. Responsibilities also include the contribution with any aspect of disaster recovery and/or incident response as part of a test or in the event of an actual disaster or incident starting with the alert/notification phase through the return to home site or recovery/resiliency of impacted system/service. TRAINING Train team members as needed to ensure continuity and succession. Assist with integration by colleagues of security tools post implementation. Share best practices with team members to have synergy and efficiency on joint or common tasks. PROCEDURE ADMINISTRATION Procedures for appropriate and relevant assignments are created and maintained by the Analsyt in a central location. Final procedures require the approval of the ISO. OTHER DUTIES Manage projects as assigned in conjunction with technology transformation initiatives, target operating model such as Identity Access Management, Network Segmentation, DNSSEC, and more in the IT/IS roadmap. JOB SPECIFICATIONS Education: Associates Degree in Business Administration or Computer Science. (Nice to have but not a must have) Experience: Minimum 3-4 years work experience in Information Security preferred; experience in Information Technology or Banking Industry helpful. Systems Administrator experience of 3rd party applications. Skills/Qualifications: Ability to work with confidential information and volumes of detail; Ability to intuitively and independently audit, analyze, organize tasks and projects; Experience in information security, computer analytics, testing and techniques. Understanding of SIEM, AV/patch/vulnerability management, and CIS hardening. Ability to identify and mitigate security vulnerabilities by implementing defense tactics. Working knowledge of Active Directory, Tools for monitoring trends related to Security Event Management, Vulnerability Assessment, Intrusion Detection; O365; Azure, SSO. Experience with developing written technical procedures that are user-friendly; Effective oral and written communication skills; presentation experience desired. Ability to work in a team-oriented environment; Experience using industry frameworks such as FFIEC CAT, NIST, COBIT, ISO.- Are a plus Thanks & Regards Gurpreet Singh Technical Recruiter : [email protected] Cloud Space LLC Website : www.cloudspacetek.com Address : 1909 J N, Pease Place, Suite 201, Charlotte, NC 28262 -- Keywords: information technology green card California North Carolina |
| [email protected] View all |
| Wed Sep 06 00:33:00 UTC 2023 |