Security Analyst

LBMC, PC
Brentwood, United States of America
9 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Junior

Job location

Brentwood, United States of America

Tech stack

Microsoft Windows
Microsoft Active Directory
Agile Methodologies
Software System Penetration Testing
Azure
Cloud Computing Security
Capability Maturity Model Integration
Computer Security
Information Systems
Identity and Access Management
Information Technology Audit
Intrusion Detection Systems
Systems Development Life Cycle
Azure
Security Software
Security Information and Event Management
Software Engineering
Software Vulnerability Management
SSL Certificate Management
Information Technology
Vulnerability Analysis

Job description

The Security Analyst role is a part of the LBMC Enterprise Department which helps service the firm company wide. This individual will be responsible for ensuring that security operational and project activities are maintained as well as recommending appropriate remediation measures to minimize cybersecurity risks. The position will work closely with the Information Security Officer, IS leadership, and team members to implement and maintain security and compliance across LBMC. The Security Analyst will also work to continually monitor compliance aspects, assisting in risk assessments, monitoring, and security projects to support effective implementation and support. You will be joining a progressive office in Nashville and receiving mentorship and support from seasoned industry professionals in the market. Scope of Work

· The Security Analyst will work with IT and non-IT teams to make certain procedural security controls are established and maintained within the organization and complies with a variety of security requirements as well as industry best practices · The individual will use security software to obtain important data for reporting capabilities · Assist with the investigation and response to security alerts · Analyze security problems, design, and assist in implementing effective solutions · Review security logs and assist technical analysts in interpreting these logs · Work directly with ISO to facilitate cybersecurity risk management processes and activities by reporting on inherent risks and arriving at acceptable levels of residual risk · Assist in the Vulnerability Management Program and work with the IT team to continually review the results of vulnerability scans, patching updates, and penetration tests to provide an 'as is' cybersecurity risk assessment of IT assets · Conduct risk reviews for new applications, developed code, and other related areas prior to implementation and production to ensure minimal risks or exposure · Responsible for phish campaign monitoring · Report possible threats or software issues · Research weaknesses and determine ways to counter them · Assist fellow employees with cybersecurity, software, hardware, or IT needs · Carry out and support information security plans and policies · Respond to, investigate, and assist in recovery efforts related to a security breach · Assist in Security Awareness training development and support · Ensure the organization's data and infrastructure are protected by enabling and/or recommending appropriate security controls · Participate and follow the change management process · Daily administrative tasks, reporting, and communication within Information Security as well as relevant departments within the organization, as needed, or directed · Assist in testing new software and firmware, as needed, or directed

Requirements

· Bachelor's degree in Information Systems, Computer Science, Information Security or related field · Minimum of 1-3 years progressive experience in IT risk, Cybersecurity risk management, IT Audit, or information security risk management, with an emphasis on cybersecurity technology implementation projects or related technology implementations · Strong knowledge of core IT and Security infrastructures including Active Directory, Azure AD, Microsoft Windows security controls, SIEM, AV/EDR, IDS/IPS, PIM, PAM, IAM, Certificate Management, vulnerability scanners, etc. · Strong understanding of each phase of the (S)SDLC and project delivery under Agile methodologies · Cloud computing security in Azure/Windows environments, risk assessments, security controls definition, control procedure appropriateness, security capabilities identification · Working knowledge of a broad range of standards and frameworks: International Standards Organization (ISO) 27001, IT Infrastructure Library and ISO 20000, Capability Maturity Model Integration, laws and standards (e.g., NIST, GDPR, Sarbanes-Oxley) · Understanding of SOC 2, Type II audits · Strong knowledge of all aspects of information security within the Analyze, Prevent, Detect, and Respond domains · Must be highly analytical and detail-oriented, with organizational skills to manage assigned work to completion

Apply for this position