Information Security Analyst/Engineer

This role operates, monitors, and provides, general day to day activities supporting the security Endpoint & Data Loss Prevention team in its mission to protect the Bank’s data, customers, and computer systems from business disruption, data/identity compromise, cyber fraud, and regulatory findings.

Essential Functions:

• Assist in the maintenance of documentation for various security technologies and processes, including standards and procedures for security controls according to CIS, PCI, FFIEC CAT guidelines.
• Support the security team in day-to-day operations involving maintenance, project management and script support of - specifically, we are seeking knowledge of endpoint controls and loss control with Defender and Proofpoint capability (as a plus to include web filtering, CASB, NAC, SSO, MFA, HIDS, IDS/IPS, IGA, and vulnerability management experience).

Each Security Analyst is also responsible to cross-train and be familiar with other security functions as assigned:

• Security Monitoring & Response - Detect and respond to security events by identifying, reporting, mitigating, and recovering from security incidents.
• Security Risk & Program Management - Assess and advise technology and business groups by identifying, prioritizing, managing, and reporting security risk.
• Application & Development Security – Define and test reasonable application and development security practices
• Performs other duties as assigned.

Compliance with Laws & Regulations:

• Responsible for complying with all of the Bank’s internal control policies and procedures.
• Responsible for understanding and complying with all laws and regulations to which the Bank is subject.
• Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts.

Education and Experience:

• Bachelors’ degree in computer or cybersecurity-related studies or four (4) years of IT or security experience.
• Two (2) years with maintaining any of the following technologies: web filtering, CASB, NAC, SSO, MFA, endpoint security tools, IDS/IPS, IGA, and vulnerability management.
• Scripting in Python or PowerShell is required.
• GIAC, ISC2, or other recognized certifications are a plus.
• Intermediate Windows/Linux administration skills and security best practice.
• Basic of industry standard network security best practices.
• Familiarity with highly-regulated industries, and specifically the banking industry (including FDIC regulations) is desirable .

Summary of Qualifications:

• Intermediate troubleshooting and problem-solving skills.
• Intermediate understanding and experience with security industry best practice.
• Experience with administering Windows and Linux systems
• “White-hat” mentality, with a healthy sense of paranoia (security awareness and risk).
• Positive, inquisitive, can-do attitude.
• Self-starter, requires minimal oversight to perform as expected, work well independently and as part of a team.
• Comfortably perform well under pressure, deliver to commitments on tight deadlines.
• Attention to detail.
• Passion for cybersecurity and technology.
• Technical writing skills.