Location: Durham, NC
Duration: 6 Months, Contract to Hire
- As the Senior Information Security Analyst, you will be a senior member of the security operation team, leading the investigation of security alerts and reported security issues, driving those issues to completion, and assisting other analysts on the team during incident analysis.
- Additional responsibilities will be to coordinate governance and management of IT control frameworks to ensure regulatory compliance.
- Lead the analysis and investigation of information security events (IDS/DLP/SIEM/etc.), run to ground detected events and eliminate false positives.
- Perform vulnerability and compliance scanning, analyze results, craft reports, and drive discovered issues to closure.
- Work directly with our internal and external customers to understand and resolve their security questions, concerns, and requests.
- Actively identify and consult with management and business areas regarding unresolved security exposures as well as misuse or noncompliance situations.
- Lead the creation, administration and maintenance of threat and vulnerability management process and procedures.
- Coordinate monitoring and reporting of key control activities for metrics discussions and during audit periods.
- Handle and maintain compliance for threat and vulnerability and develop and publish information procedures and guidelines, including compliance monitoring procedures across the organization.
- Responsible for handling multiple segments of the internal and external audit process for tracking and reporting confirmed audit issues from identification to closure/validation.
- Coordinate the development and delivery of security mentorship and training to business partners by performing security program presentations, both internally and externally.
- Bachelor’s degree and 5 years’ experience in security operations, incident response, and/or security engineering.
- If no degree, 6 years in security operations, incident response, and/or security engineering.
- Experience with more complex, new technology implementation processes in a multi-functional project management environment
- Solid consultative experience with demonstrable ability to determine appropriate security controls and identify mitigation strategies that meet business and technical requirements
- Experience in translating business requirements to technical solutions and services.
- Prior experiencing working in a security operations center environment.
- Prior experience analyzing security events (IPS/IDS, DLP, SIEM)
- Prior experiencing reviewing vulnerability scan data and performing vulnerability management.
- Informal leadership, coaching and mentoring skills.
- Strong consultative skill set with ability to provide appropriate direction to other IT groups on security matters
- Demonstrated initiative to learn new technologies.
- Excellent written and verbal interpersonal skills, including strong presentation skills.
- Demonstrated ability to develop and maintain collaborative working relationships with varying constituencies and teams.
- Demonstrated dedication to and leadership of continuous process improvement.
- Security+, CSA, GCIA, GCIH, GMON, or other incident response / security related certifications a plus