Allegis Group
Information Security Analyst
Allegis Group, Hanover, Maryland, United States, 21098
Overview:
Job Summary:The Information Security Analyst will provide service and operational support to all ACS Information Security Office service offerings and capabilities. The InfoSec Analyst will support project work upon request.This position will support the security incident response system as well as the threat detection systems that monitor the environment. The Information Security Analyst is responsible for the analysis and documentation of security incidents, participate in the litigation hold processes, ensuring that security events are properly enumerated and resolved and accounted for in the ITSM tools.The Information Security Analyst will support all GRC initiatives, participating in compliance audits and reviews of both systems and processes that govern the operations of Allegis IS and the personnel responsible for supporting these same systems.Required in-office presence at least 4 days per weekResponsibilities:Essential Functions:Work incidents and requests from the Security ticket queueHandle security escalations, identify and resolve critical security events requiring additional/specific investigation, triage, and mitigation.Assist the Information Security, Legal and Compliance teams in the creation of procedures, technical documentation, and completion of project tasks as required.Generate and present reports aggregating incident dataReview purchasing agreements, questionnaires, contracts and statements of work to ensure compliance with company security standards and requirementsProvide guidance and support to the Legal and executive requests for data gathering and analysisDocument and report assessment and incident findings to the Security Operations Manager and ISOCollaborate with IS management, the corporate Legal department, safety and security, and law enforcement agencies to manage risks and security vulnerabilitiesCollaborate with other IS groups to implement Information Systems policies, procedures, standards and guidelinesPerform the operation of related compliance monitoring, auditing, and improvement activities to ensure compliance both with internal corporate policies and applicable laws and regulationsRepresent the Information Security role in the Change Management, Incident Management, Patch Management, and Problem Management processesActively participate in the IT security community to stay abreast of current standards and best practices.Maintain an industry standard information security certificationPrepare reports that document general metricsSupport the on-boarding of new InfoSec employees and contractorsAbility to work off-hours to handle security alerts and changes to InfoSec technologies.Perform other related duties as assignedQualifications:Minimum Education and/or Experience:Bachelors degree in the field of MIS, computer science, information systems or computer engineering or equivalent experience2 to 4 years of experienceIdeal candidates will hold one or more of the following certifications:o NET+, SEC+, SANS GIAC (GISF, GSEC or other),Experience with Agile methodology a plus (ACP)Skills/Abilities:Data Loss Prevention technologiesSecurity Operations CentersEncase Litigation/Hold process solutions.Rapid7/NeXPOSE security scanning and management toolsExperience with Microsoft O365, Microsoft Defender for Cloud, .NET, Active Directory, ADFS, Windows/Linux, SQL Server, Azure AD, VMware/Citrix, Salesforce.comIncident and Problem management system supportBasic understanding of Network, host, data, integration, and application access security in multiple operating system environments (Windows, Solaris, Linux, etc.)Basic understanding of Information Security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-listsBasic understanding of the Internet, web, application and network security techniqueExperience in successfully deploying new business processes and technologiesBasic understanding of network scanning and intrusion detection productsBasic understanding of Data Loss Prevention and threat detections systems Basic understanding of Federal/International regulations related to information security (FISMA, Computer Security Act, Safe Harbor, HIPAA, etc.)Core Competencies:Build relationshipsDevelop peopleLead changeInspire OthersThink criticallyCommunicate clearlyCreate accountability
Job Summary:The Information Security Analyst will provide service and operational support to all ACS Information Security Office service offerings and capabilities. The InfoSec Analyst will support project work upon request.This position will support the security incident response system as well as the threat detection systems that monitor the environment. The Information Security Analyst is responsible for the analysis and documentation of security incidents, participate in the litigation hold processes, ensuring that security events are properly enumerated and resolved and accounted for in the ITSM tools.The Information Security Analyst will support all GRC initiatives, participating in compliance audits and reviews of both systems and processes that govern the operations of Allegis IS and the personnel responsible for supporting these same systems.Required in-office presence at least 4 days per weekResponsibilities:Essential Functions:Work incidents and requests from the Security ticket queueHandle security escalations, identify and resolve critical security events requiring additional/specific investigation, triage, and mitigation.Assist the Information Security, Legal and Compliance teams in the creation of procedures, technical documentation, and completion of project tasks as required.Generate and present reports aggregating incident dataReview purchasing agreements, questionnaires, contracts and statements of work to ensure compliance with company security standards and requirementsProvide guidance and support to the Legal and executive requests for data gathering and analysisDocument and report assessment and incident findings to the Security Operations Manager and ISOCollaborate with IS management, the corporate Legal department, safety and security, and law enforcement agencies to manage risks and security vulnerabilitiesCollaborate with other IS groups to implement Information Systems policies, procedures, standards and guidelinesPerform the operation of related compliance monitoring, auditing, and improvement activities to ensure compliance both with internal corporate policies and applicable laws and regulationsRepresent the Information Security role in the Change Management, Incident Management, Patch Management, and Problem Management processesActively participate in the IT security community to stay abreast of current standards and best practices.Maintain an industry standard information security certificationPrepare reports that document general metricsSupport the on-boarding of new InfoSec employees and contractorsAbility to work off-hours to handle security alerts and changes to InfoSec technologies.Perform other related duties as assignedQualifications:Minimum Education and/or Experience:Bachelors degree in the field of MIS, computer science, information systems or computer engineering or equivalent experience2 to 4 years of experienceIdeal candidates will hold one or more of the following certifications:o NET+, SEC+, SANS GIAC (GISF, GSEC or other),Experience with Agile methodology a plus (ACP)Skills/Abilities:Data Loss Prevention technologiesSecurity Operations CentersEncase Litigation/Hold process solutions.Rapid7/NeXPOSE security scanning and management toolsExperience with Microsoft O365, Microsoft Defender for Cloud, .NET, Active Directory, ADFS, Windows/Linux, SQL Server, Azure AD, VMware/Citrix, Salesforce.comIncident and Problem management system supportBasic understanding of Network, host, data, integration, and application access security in multiple operating system environments (Windows, Solaris, Linux, etc.)Basic understanding of Information Security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-listsBasic understanding of the Internet, web, application and network security techniqueExperience in successfully deploying new business processes and technologiesBasic understanding of network scanning and intrusion detection productsBasic understanding of Data Loss Prevention and threat detections systems Basic understanding of Federal/International regulations related to information security (FISMA, Computer Security Act, Safe Harbor, HIPAA, etc.)Core Competencies:Build relationshipsDevelop peopleLead changeInspire OthersThink criticallyCommunicate clearlyCreate accountability