Sr. IT Security Analyst in Wayne, PA at DISYS

Date Posted: 7/25/2018

Job Snapshot

Job Description

Senior IT Security Analyst (133745)

Location: Wayne PA

Anticipated duration: direct hire


Position Summary of the Security Analyst:  


The Senior IT Security Analyst is a high-level technical expert in the security domain and will work with Information Technology management and staff to set and monitor security standards, best practices, and systems necessary to ensure the protection and confidentiality of the company’s informational assets. This analyst must possess strong technical knowledge of information systems, IT security practices and technologies, the use of established IT security controls and methods, and a working knowledge of data privacy laws. The incumbent must also possess excellent communication skills and the ability to develop and maintain effective interpersonal relationships with managers, internal and external technical staff, and third-party providers and representatives. 


Primary Responsibilities of the Security Analyst:


Planning and Processes:

  • Research and stay informed of potential information security threats, industry trends, emerging technologies, and response alternatives. Keep abreast of current global security risks. 
  • Conduct research and provide insight to identify, assess, and deploy security technology solutions and partners including but not limited to encryption, firewalls, authorization, authentication, intrusion detection, and gateway security controls.
  • Engage in regular assessment of the current IT security environment to identify cybersecurity gaps in systems, processes and controls and evaluate the potential risk exposure. Work with IT management to develop opportunities for improvement.
  • Leads or has primary responsibility for the development, implementation, and monitoring of IT security policies, standards, procedures and guidelines.
  • Monitor and proactively recommend solutions for correcting issues related to security technology performance and capabilities of vendors.
  • Collaborate on critical technology projects to ensure that security issues are addressed throughout the project life cycle.
  • Develop and implement recommendations for security technology solutions, which may include technology for encryption, firewalls, authorization, authentication, intrusion, detection, and gateway security controls.
  • Work in an advisory role in application development or acquisition projects to assess security requirements and implement controls as planned.

Operational:

  • Investigate, analyze, coordinate and report on and resolve all security events, incidents and intrusions; track incidents through analysis, diagnosis, correction and resolution.
  • Ensure that network devices and PCs are maintained via upgrades, patches, and updates with appropriate security controls.
  • Maintain, manage and monitor the company’s compliance with security control frameworks such as the NIST Cybersecurity Framework (NIST CSF) and Payment Card Industry (PCI DSS).
  • Serve as a technical subject matter resource providing expertise in the security domain and provide technical direction to lead appropriate work on security related projects.
  • Ensures the integrity of the company’s data and systems, security of confidential information, and protection of physical property.
  • Lead, facilitate, analyze, execute, govern and represent plans or identified approaches for contracted security assessments, driving remediation through partnering with internal and external business and IT.
  • Perform day-to-day security log review and analysis in adherence with company requirements and industry security best practices. The log reviews include: operating systems, databases, applications, networks and security applications.
  • Work with auditors to demonstrate processes and ensure appropriate levels of access are applied throughout the information lifecycle.
  • Lead the design, development, and delivery of security training programs and individual classes.
  • 24x7 on-call availability as required.
  • Other duties as assigned.

Knowledge, Skills and Abilities needed for the Security Analyst:


  • Knowledge of trends and developments in technology relating to security and risk management.
  • Strong understanding of information security controls, risks and threats.
  • Strong knowledge of enterprise security technologies, e.g., Virtual Private Network (VPN), Encryption, Firewalls, Intrusion Detection/Prevention, and Anti-Virus. Experience with Fortinet preferred.
  • Working knowledge of Microsoft Windows Server and Windows 10 environments, VMWare Server, Oracle OVM, Microsoft IIS and other enterprise-wide applications.
  • Knowledge of information security standards, data privacy laws, computer crime laws, and federal data protection laws, etc.
  • Knowledge of information security audit and assessment methodologies, policies, standards, procedures and best practices.
  • Ability to conduct risk management assessments; provide assistance in identification, prioritization and remediation of information systems vulnerabilities.
  • Strong technical depth and passion for security.
  • Ability to understand the company’s general business functions, and have a conceptual understanding of each division’s/department’s activities.
  • Experience working with 3rd party vendors and service providers.
  • Excellent listening, verbal and written communication skills. Ability to convey technology concepts in a way that is easy for non-technical people to understand.
  • Strong learning, problem-solving and analytical skills.
  • Consistently demonstrates a high level of integrity and professionalism.
  • Ability to manage multiple priorities and meet deadlines.

Qualifications of the Security Analyst:

  • Bachelor’s degree in Information Technology, CyberSecurity or related field.
  • 4 years of experience in an IT Security role.
  • Equivalent combination of education and experience will be considered.
  • Security specific industry certification; preference for CISSP or GIAC (any certification).
  • Prior experience with a Business or Financial Services firm is preferred.

Additional Comments:

To qualify, applicants must be legally authorized to work in the United States and should not require now, or in the future, sponsorship for employment visa status.

Job Requirements

Digital Intelligence Systems, LLC. is an Equal Opportunity Employer, M/F/D/V. We do not discriminate against any employee or applicant because they inquired about, discussed, or disclosed compensation. Email recruitinghelp @ disys.com to contact us if you are an individual with a disability and require accommodation in the application process.Digital Intelligence Systems, LLC. is an Equal Opportunity Employer, M/F/D/V. We do not discriminate against any employee or applicant because they inquired about, discussed, or disclosed compensation. Email recruitinghelp @ disys.com to contact us if you are an individual with a disability and require accommodation in the application process.