Information Security & Risk Analyst
Job Description
Ref No.: 19-03414
Location: Boston, Massachusetts

Job Requirements:
RESPONSIBILITIES:
* Serve as point person and primary point of contact for the Managed Security Services Provider (MSSP)
* Work with the MSSP to maintain the Security Information and Event Management (SIEM) tool, develop alert procedures, respond to security incidents and escalate incidents as necessary
* Routinely perform threat hunting to search for indicators of compromise alongside third-party incident responders
* Triage phishing emails in a sandboxed environment and perform basic malware analysis
* Maintain security systems to generate alert use cases and work with the MSSP to triage alerts and perform network forensics
* Manage the research, approval and deployment of vendor security and application patches to all endpoints
* Conduct risk assessments to evaluate the effectiveness of existing IT controls
* Provide technical guidance and recommendations for new products and services
* Maintain and implement IT security policies, standards, procedures and protocols
* Conduct vulnerability scans and prioritize results for the patching effort. Collaborate with other teams in the IT department to remediate vulnerabilities as necessary
* Promote a high degree of data security awareness in the firm
* Participate in the maintenance of the firm's Disaster Recovery and Business Continuity Plan
* Gather documentation/technical information in support of audit requests and issue remediation efforts
* Assist in client audits, responding to third-party inquiries, and implementing a third-party risk management program
* Create and maintain documentation on Firm information security procedures
* Assist with annual Firm-wide security awareness training
* Stay current with applicable government regulations and requirements
* Enforce security best practices across all firm systems
* Assume additional responsibilities as needed

QUALIFICATIONS:
* Bachelor's degree in Computer Science, Information Security, or related field
* 4+ years' experience in network/systems administration and 2+ years in security
* CISSP, CISA, GCIH, or other related information security certifications
* Demonstrates strong problem solving, analytical, interpersonal, and ownership skills
* Possesses excellent collaboration skills for work with various internal team members

ADDITIONAL SKILLS/EXPERIENCE:
* An understanding of security concepts, encryption, system hardening, defense-in-depth designs, advanced persistent threats, anomaly detection and next-generation technologies
* Working knowledge and experience with any of the following technologies: VA, SIEM, DLP, IPS/IDS, AV, MFA, VPN, FW, AD, Wireless, ACLs, & Port Scanning
* Experience with event logging and correlation in SOC or CSIRT
* Experience with endpoint/network forensics and malware analysis
* Advanced knowledge of the Windows operating system
* Knowledge of ISO 27001 and SOC2
* Knowledge of rules and regulations related to GLBA, HIPAA, Mass Privacy, etc.
* Knowledge of a variety of security tools
* Knowledge of the MITRE ATT&CK framework a plus
* Experience with WMI, PowerShell and Python a plus