Senior Information Security Analyst

Reports To: Information Security Manager

Primary Functions: Information security analysts plan and carry out security measures to protect the credit union’s computer networks and systems. Primary functions in this position would be a broad range of tasks, including the day-to-day administration of information and event management (SIEM) and may include significant responsibilities for the security administration of a variety of IT systems across the enterprise. Additionally, as legal and regulatory compliance drivers continue to grow, many of the security administrator’s tasks may also support audit functions. The individual in this position will interact closely with product vendors and service providers, personnel from various IM departments, and with business departments. In-depth knowledge of Alaska USA’s operating systems and security applications, as well as a working knowledge of basic network protocols and tools, will also be required.

Duties and Responsibilities:

Information Security Analyst III duties and responsibilities.
Provide direction, develop standards, and initiate processes related to identity and access management.
Lead the implementation and development process for security solutions.
Manage the Data Loss Prevention (DLP) Program, coordinate the remediation efforts, generate reports and provide metrics on the effectiveness of the DLP program.
Monitor system logs, SIEM tools, and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution.
Research threats and vulnerabilities and, where appropriate, take action to mitigate threats and remediate vulnerabilities.
Review, assess, and mitigate penetration tests and vulnerability assessments on information systems and infrastructure.
Perform threat and vulnerability assessments, in some cases followed by appropriate remedial action, to ensure systems are protected from known and potential threats, and free from known vulnerabilities.
Assist and train junior team members in the use of security tools, the preparation of security reports, and the resolution of security issues.
Research, recommend, evaluate and implement information security solutions, which identify and/or protect against potential threats, and respond to security violations.
Conduct audits and reviews of endpoint, network, system security controls, and manage remediation efforts.
Conduct security reviews of the network security architecture to identify accesses and assess the risk to these changes.
Assist in the management of firewalls, intrusion detection systems, switches and routers, which will include researching, designing, formulating, and documenting firewall rules.
Report unresolved network security exposures, misuse of resources, or noncompliance situations using defined escalation processes.
Develop and maintain documentation for security systems and procedures.
Manage the Monitoring and Response Program, identify new threats, develop and tune rules to monitor, generate reports, and provide metrics for the program.
Coordinate incident response activities, gather evidence, conduct forensic analysis on incidents, evaluate security controls, and make recommendations to improve them.
Perform other duties as assigned.
Qualifications:

Education: Bachelors degree in Information Systems, Computer Science, or related technical field.

Creditable Experience in Lieu of Education: Minimum of Eight years of Information Security experience Equivalent technical training and/or IT certifications required.

Experience/Skills: One of the following industry security certifications is required: Security+, Microsoft Certified System Administrator: Security, Vendor-specific Firewall Certification, GIAC Information Security Fundamentals or other intermediate level certification. Three years demonstrable experience managing and implementing enterprise systems/networks. Experience with Firewalls, IDS/IPS, Vulnerability Assessment tools, Endpoint solutions, Proxy servers, Security Incident and Event Management Systems, Data Loss Prevention, Active Directory and Permissions Management desired. Good written and verbal communication, organizational, and interpersonal skills required.

Tenure: Assignment to the Information Security Analyst I category 10, Information Security Analyst II category 09, Information Security Analyst III category 08 or Senior Information Security Analyst category 07 will be determined by the candidates education or experience. Advancement requires management recommendation and will be based on the candidates certifications and/or performance.

Equal Opportunity Employer