View all jobs

Security Analyst

RESPONSIBILITIES Primary duty is the day-to-day operations of the in-place security solutions and the identification, investigation and resolution of security breaches detected/reported by the business; Participate in the planning and design of enterprise security architecture, under the direction of the IT Security Manager, where appropriate; Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate; Participate in the planning and design of an enterprise Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP), under the direction of the IT Security Manager, where appropriate; Review logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices); interpret implications of that activity and devise plans for appropriate resolution; Participate in investigations into problematic activity; Participate in disaster recovery testing; Develop and implement business and IT continuity/recovery strategies; Provides advice and guidance to technical teams in the performance of their duties related to the ongoing design, development and implementation of continuity/security recovery capabilities in the areas of infrastructure (hardware, software, and networks), application development, and data management; Develop Risk Management deliverables including Threat Risk Assessments (TRA), Statements of Sensitivity (SOS), Vulnerability Analysis (VA) and/or Security Gap Analysis evaluating Information Technology Safeguards (ITS) safeguards; Define Recovery Objectives and Timeframes, including recovery times, expected losses, and priorities; Research and document solutions for Intrusion Detection, Secure Networks, User Management and Control Systems, Information Protection Strategies, Recovery Requirements, and Information Technology Security Evaluation Criteria (ITSEC) challenges; Prepare Cost/Benefit Analysis of ITSEC and Recovery Strategies and presents findings to Senior Management; Conduct Threat Risk Assessments using qualitative and quantitative risk analysis methodologies such as annual loss expectancy, estimated annual cost, threat tree analysis, cause-sequence analysis, hazard and operability analysis, interface analysis and consultative, objective and bi-functional risk analysis; Configure and manage enterprise firewalls, including the modification firewall rules, analysing firewall log files and implementing corrective action; Participate in the design and execution of vulnerability assessments, penetration tests, and security audits; Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and security documents specifically; and Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security. QUALIFICATIONS University degree in a related field Certified Information Systems Security Professional (CISSP)   DURATION: 3 months
Powered by