Information Security Analyst
New York, NY
Summary
The Information Security Analyst will be responsible for monitoring Firm security systems and assisting in the coordination effort to remediate alerts and respond to incidents. Key responsibilities entail daily monitoring activities including SIEM and other security tools and identification and mitigation of suspicious events, vulnerability management and threat mitigation. The successful candidate will also support all other Security Operations activities and assist in the deployment and operation of information security systems, as well as work on a diverse set of security-related projects and responsibilities.
Essential Duties and Responsibilities
- Perform real-time security log and event analysis and take action to contain and mitigate information security threats. The events will originate from SIEM, DLP, IDS, IPS, antivirus, firewalls, system security logs and user reports.
- Create, analyze and develop remediation plans resulting from the identification of vulnerabilities discovered during scheduled scans.
- Assist in maintaining existing security systems such as IPS/IDS, Anti-Virus, EPO, SIEM, NAC and other cyber-attack detection and analytics tools; assist with security technologies deployment, configuration, maintenance, patching/upgrading and decommissioning.
- Assist with troubleshooting technical issues and identifying root cause and solutions.
- Monitor information systems and services to audit and maintain security controls to ensure compliance with Firm policies and industry best practices.
- Make enhancements to existing monitoring and security operations and contribute to a Continuous Monitoring program framework.
- Work across teams to accomplish security program goals.
- Assist with GRC work when needed.
Knowledge, Skills, and Abilities Required
- Strong knowledge of information security domains, concepts and principles.
- Strong knowledge of network services, vulnerabilities, exploits and attacks.
- Strong ability to troubleshoot technical issues, identify root cause and identify solutions.
- Knowledge of Splunk considered a plus.
- Incident Response experience: Tier 2/3 CSIRT Analyst.
- Knowledge of server and desktop operating systems, routers, switches, firewalls and other network equipment.
- Familiarity with MITRE ATT&CK framework.
Experience with any of the following considered a plus:
- Vulnerability Scanning tools
- Network Scanning/Management tools
- Event Log management systems
- Anti-virus, Anti-spam and other protective tools
- Encryption products and Open source security-related tools
- Forensic Tools
- EDR, NDR, XDR tools
- Conducting adversary simulation based on intrusion frameworks
- Critical thinking, investigative mindset and ability to conduct root cause analysis.
- Detail oriented and able to meet tight deadlines.
- Excellent written, verbal and interpersonal skills.
- Highly motivated self-starter with an inquisitive personality.
- Desire and ability to learn new skills and concepts.
Education and Experience
- Bachelor’s degree in related field or discipline.
- Minimum 3-5 years of experience in information security.
- IT background considered a plus.
- CISSP, CISA, GIAC and other Industry Certifications considered a plus.
Working Conditions
- Normal office environment with little exposure to excessive noise, dust, temperature and the like.
*The Firm provides competitive compensation and benefits to its employees, ensuring that we attract and retain the most talented individuals. The expected base salary for this role ranges from $170,000.00-$190,000.00, plus bonus. The base salary offer is based on a variety of factors which include, but are not limited to, qualifications, education and experience.
**The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of essential functions, responsibilities or requirements.
Job Type: Full-time, Hybrid
Salary: $170,000.00-$190,000.00, plus bonus
Date Active: 9.18.2024
Exempt/Not Exempt: Exempt