information security analyst Williamsburg, VA
Job description
Description
The Information Security Analyst designs and implements effective security solutions to protect the foundation’s data, networks, and computer systems. Creates and enforces security policies to prevent unauthorized access, modification, destruction, or disclosure of information. Designs network and system security practices to comply with industry compliance requirements. Acts as a technical consultant to foundation business units to properly assess information security risks. Designs advanced solutions for complex problems and creates standard procedures.
Essential Functions:
- Implements tools to monitor and protect the enterprise (patch management, firewall, IDS, IPS, log management, Endpoint Protection, etc.)
- Monitor the network and user behaviors and respond to alerts accordingly.
- Execute security awareness education and compliance initiatives.
- Responds to security service requests, troubleshoots system/user issues with complexity and supports change management process.
- Identify vulnerabilities and take corrective action.
- Manage third-party encryption certificate distribution (SSL, Code-signing, etc.)
- Plan and lead the tasks required to ensure regulatory compliance (PCI, etc.)
- Analyze current security practices and make enhancements to increase their effectiveness.
- Develop and maintain security documentation and reports.
Perform other duties as assigned.
Required and Preferred Education and Experience:
Required: A minimum of 5 -7 years of advanced level experience implementing and supporting enterprise security solutions. Prior experience with systems administration and network engineering concepts. Requires in‐depth knowledge generally gained through a bachelor’s degree and industry certifications such as CISSP, GSEC, CCSA.
Preferred: Experience with patch management solutions, endpoint protection applications, IDS/IPS, network switching, routing and packet analysis, enterprise firewalls, server operating systems, and Active Directory. Proficient in scripting and network security best practices.
Qualifications: A demonstrated ability to resolve complex technical problems involving heterogeneous systems and technologies with minimal supervision and assistance. Ability to communicate clearly and concisely, both in written and verbal form. Ability to prepare and present reports and sound recommendations to all levels of management and user personnel. Ability to deal tactfully, effectively, and equitably with customers and vendors; ability to work both independently and as a member of a team.
