ASSYST is seeking a Security Analyst who will be responsible for coordinating and executing security policies and controls within the company, assessing vulnerabilities, and ensuring the security of both on-prem and cloud environments. The analyst will manage security systems, investigate security violations, and review security architecture on a daily basis. This role requires a comprehensive understanding of regulatory requirements, industry standards, and trends, with a focus on AWS Cloud Security. The position also involves managing projects, coordinating security-related calls, and implementing security measures to safeguard computer systems, networks, and data.
Key Responsibilities:
- Coordinates and executes security policies and controls, and assesses vulnerabilities within the company.
- Experience with data and network security processing, security systems management, and security violation investigation.
- Performs daily analysis of on-prem and cloud security and monitors security operations, including security architecture reviews.
- Understands regulatory requirements, with in-depth knowledge of industry standards and trends, and is proficient with the latest cybersecurity software.
- In-depth knowledge of AWS Cloud Security.
- Manages various projects and oversees all aspects of project planning and execution.
- Identifies problems/issues, analyzes and evaluates alternatives, and recommends/implements effective solutions.
- Orchestrates calls, including but not limited to project kick-off calls, notifications of high/critical findings during the testing process, and close-out calls to review test findings, evidence, process steps to reproduce, and remediation recommendations.
- Implements security measures to protect computer systems, networks, and data, and stays up to date on the latest intelligence, including hacker methodologies, to anticipate breaches.
- Extensive experience working with and implementing NIST 800-37, NIST 800-53, MARS-E controls, POA&Ms, and developing Corrective Action Plans.
- Reviews violations of computer security procedures and collaborates with the HHSC/TIERS Security team.
- Confers with users to discuss issues such as computer data access needs, security violations, and programming changes.
- In-depth knowledge and hands-on experience with the AWS platform.
- Experience with security web application firewalls.
- Manages conflict and resolves issues at managerial levels.
- Reviews and coordinates audit responses, evidence gathering, and plans of action. Collaborates with IT departments to coordinate audit responses.
- Develops and implements IT policies, standards, and procedures.
- Experience in delivering technical training in cloud-based technology is a plus.
- Provides Windows and Linux operating system and application support.
- Conducts information security risk assessments.
- Reviews security governance documentation and security plan documents.
- Experience with ITIL - ticketing using Remedy and ServiceNow.
- Trains staff on network and information security procedures, processes, and information safeguarding.
- Experience working with Archer GRC, Dynatrace, Splunk, Imperva Web Application Firewall, Qualys, and MS Office tools.
Qualifications:
- Extensive experience in information security and cloud security, particularly with AWS.
- Proven experience in managing security projects, security audits, and vulnerability assessments.
- Strong understanding of security governance, NIST standards, and regulatory requirements.
- Proficiency with security technologies such as web application firewalls, Splunk, and Imperva.
- Excellent problem-solving skills and the ability to recommend and implement effective security solutions.
- Strong communication skills, with experience in conflict management and managing security-related calls.
ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.