Location: Houston, TX

Post Date: August 8

Employment Type: IT Contract To Hire

Reference Code: #5385

Job Description

The Security Analyst is responsible for developing and supporting corporate Information security strategies.  This position will require a diverse set of technical and security skills, the ability to adapt and learn unfamiliar technologies with the discipline to follow processes in a regulated environment.  The person will also safeguard the integrity of information assets and network connections while providing production support for security infrastructure.  Must have a well-rounded understanding and experience with a wide range of security products, operating systems and all aspects of networking in order to maintain the security posture of the information systems through the system’s life cycle. Reports to the Information Security Supervisor.

 

ESSENTIAL JOB FUNCTIONS:

  • Perform risk analysis and communicate infrastructure security risk to management for risk-based decision making
  • Provide security services to the business (including issue resolution)
  • Reviews and evaluates new and advanced security technologies
  • Performs vulnerability testing and remediation
  • Act as liaison between Information Technology and both internal/external auditing efforts to track controls, coordinate audit requests and responses
  • Analyze audit and SSAE 16 (or SAS70 Type II) reports of third party data centers.
  • Assist with incident response
  • Develop, maintain, and make recommendations on security policies, procedures, and documentation
  • Provide guidance across all teams and influence the design, implementation and management of ’ infrastructure as it pertains to security. 
  • Work in a team environment requiring interaction with other security analysts, system/network/database administrators, software developers, and managers in identifying security requirements, specifications, and project planning activities
  • Review and update security training material,  Web content, memos and awareness notifications, and conduct training sessions for the organization
  • Interfaces with the user community to understand their security needs and implements procedures to accommodate them
  • Provides management and supervisor with daily status reports
  • Requires occasional work outside of normal business hours

 

KNOWLEDGE & SKILLS:

  • Familiarity with Sarbanes Oxley (SOX) processes
  • IT Audit experience preferred
  • Familiarity with NIST 800 series security documentation
  • Other desirable security certifications include: GSEC, GCIH, CRISC, CEH, CISM
  • Secure coding practices (including web-based applications)
  • Exposure to the following:
    • Windows 2008/2012 Server / Active Directory
    • Windows 7 / 8 Workstation
    • MS Office products
    • Microsoft SQL and Oracle database and applications  
    • HP Unix and Redhat Linux
    • Tenable – Nessus / Rapid 7 – Nexpose and Metasploit
    • z/OS ACF2
    • IPS/IDS
    • Cisco - switches, routers, and firewalls
    • Ethernet and TCP/IP environment protocols
    • Symantec Bindview/Control Compliance Suite
    • Hosted/SaaS/Cloud Computing
    • Server and Security administration tools
    • Excellent written and oral communication skills

 

EDUCATION/EXPERIENCE:

  • Bachelor’s Degree in Computer Science/Information Technology/ related field is required.
  • Minimum 5 years of experience in the Information Security field
  • CISSP/CISA certification REQUIRED
  • Knowledge of Information Security principles, terminologies and technologies
  • Knowledge of current security tools and protocols
  • Experience with live penetration testing and system hardening