Contributes to the Cybersecurity and Information Security (CSIS) department’s mission to effectively manage security threats and risks that could potentially impact GEHA’s mission, goals and objectives. Contributes to the CSIS department’s efforts to protect the confidentiality, integrity and availability of the organization’s information assets in compliance with organizational policies, procedures, standards, laws, and regulations. Assists in building a risk-aware and control-conscious culture by contributing to the development, implementation and administration of a strategic, comprehensive and holistic cybersecurity and information security program and framework. The Security Analyst is responsible for supporting the CSIS department’s security administration, threat management, security assessment, security risk monitoring and incident response processes and technology.
• Utilizes, manages and administers security related functions and solutions including, but not limited to, firewalls, intrusion detection systems, intrusion prevention systems, incident response systems, threat management systems, two-factor authentication systems, antivirus and malware analysis systems, secure email gateway appliances, web filtering proxy solutions, security information and event management (SIEM) platforms, data loss prevention systems, vulnerability detection, content filtering and identity and access management systems.
• Collects and analyzes security information and event management (SIEM) data to identify malicious threats, inappropriate activities, or any events that could potentially impact the confidentiality, integrity and availability of the organization’s information systems and assets.
• Supports the CSIS incident response program. Responds to security incidents, including evidence collection, analysis, investigation and resolution activities.
• Participates in the system acquisition and system development (SDLC) process. Evaluates and provides recommendations related to the security aspects of the organization’s information systems, configuration, and documentation.
• Participates in providing security related training to all levels of the organization’s staff.
• Participates in internal and external security assessment and audit support activities. Performs activities to resolve open audit issues.
• Participates in the organization’s continuous monitoring activities undertaken to comply with information security controls, procedures, and policies.
• Works closely with the organization’s Information Technology teams to secure the information technology infrastructure, improve service delivery, and increase productivity.
• Participates in the organization’s enterprise risk assessment, business continuity and disaster recovery efforts including preparation and maintenance of plans, risk assessments, and testing. Assists with the identification and classification of information assets.
• Recommends security tools, activities, and procedural changes to enhance the efforts of the Cybersecurity and Information Security department. Identifies opportunities to automate or streamline current processes.
• Creates and maintains security documentation and standard operating procedures in support of team responsibilities, including but not limited to business continuity, security assessments, vulnerability management, threat management, remediation activities, procedures, training, and metrics. Prepares ad-hoc reports in support of CSIS programs and initiatives.
• Supports management efforts to deliver a secure information processing environment for the organization. Serves on IT project teams to identify security concerns as directed by the Director, CSIS.
Requires a Bachelor’s degree in Computer Science, Information Systems, or related discipline. Additional years of qualifying work experience may be considered in lieu of formal education. Requires one or more of the following security Certifications or must be attained within 2 years: CISSP, CISA, CISM, GIAC or related security Certifications.
Requires three years of IT Security, Cybersecurity or IT risk management experience. Requires working knowledge of IP networks, firewalls, and Active Directory; experience with Mobile Device Management, Citrix, web applications, Splunk, Microsoft SQL and virtual computing environments is a plus. Requires experience with daily security activities such as SIEM log review, system administration, incident response, disaster recovery, security assessments, and vulnerability management. Must be a critical thinker, customer service focused, organized, detail oriented, and analytical. Requires effective verbal and written communication skills to interface with management and employees.