IT Security Analyst
DBA Web Technologies
Bellevue, WA US
NOTE - IT Security and Risk department is looking for an IT Security Analyst to join the team. This position will be filled as an "advisor security analyst" or "senior security analyst" or "security analyst" depending on the qualifications of the selected candidate.
This role will develop, deliver, maintain or monitor IT security policies, standards, and best practices. There will be opportunities to implement, integrate, maintain, report or monitor security and compliance risk management procedures to reduce financial loss and critical business services. The ideal candidate will also perform security, vulnerability and threat assessments and security incident management. The candidate will oversee the compliance requirements, audit services and be an integral part of proper implementation of our disaster recovery procedures in alignment with enterprise business continuity, development and testing. Diligently upholds the safety compliance standards inherent in PSE’s operating and/or field procedures related to work responsibilities.
- Acts as a leading member of the IT Security Incident Response team with working knowledge of Forensic Investigation methods and evidence preservation.
- Acts as a leading member of the Threat Management program in support of SIEM development.
- Develops and maintains effective Information Security program plans, processes, and procedures necessary to drive increased maturity across organization.
- Plans and implements security and integrity controls over client-server based applications.
- Researches, evaluates, designs, tests, recommends, and plans implementation of new or improved information security software or devices.
- Analyzes new/enhanced software application or tool implementations for implications to existing security software and devices.
- Possesses and applies broad knowledge of security, risk, and compliance principles, practices and procedures in at least one process area.
- Drafts new or updates existing process, procedures and policies as necessary and updates or creates documentation based on work performed.
- Defines, implements, and enforces security and compliance controls.
- Facilitates the development and implementation of security systems.
- Applies knowledge in a primary Team and general knowledge in multiple relevant Teams to create solutions for complex business situations.
- Provides technical expertise and guides the administration of security tools to ensure controls are in place.
- Analyzes application security needs based on the sensitivity or proprietary nature of the data, and ensures systems are utilized for management-approved purposes only
- Demonstrates success working in a team, with the ability to communicate and collaborate with business partners and peer-level professionals.
- Confers with team members on security or compliance matters.
- Mentors and coaches team members and other IT peers to support cross-training and knowledge sharing.
- Resolves complex problems, often collaborating with other experts to do so.
- Defines project scope, objectives, and requirements to support aligned work efforts.
- Works with IT professionals and managers across multiple segments.
- Responds to unfamiliar, undefined, unexpected, or unstable situations with the professionally prescribed standard response.
- Operates under limited direction.
- Performs other duties as assigned.
FOR ADVISOR LEVEL (Senior Most): MINIMUM QUALIFICATIONS:
- Bachelor’s degree and 8 years of experience or combination of specialized training/experience and 8 years of directly relevant experience.
- Technical proficiency in security-related hardware and software; ability to function as a consultant to other IT groups on security matters as a recognized technical expert and to lead teams
- Knowledge of security frameworks such as: ISO 27001, NIST 800-53, COBIT and COSO
- Experience with implementation and management of compliance requirements such as NERC and SOX
- Understanding and experience with other security products and techniques such as token-based dialup authentication, modem callback and password management is desirable
- Ability to effectively adapt to and apply rapidly changing technology to business needs
- Strong knowledge and understanding of business needs, with the ability to establish and maintain a high level of customer trust and confidence
- Proven ability to work under stress in emergencies; flexibility to handle pressure coming from all directions at one time
- Strong analytical and problem-solving skills
- Strong customer focus and ability to manage client expectations
- 1+ year experience configuring or managing SIEM systems and solutions
- 1+ year experience configuring or managing an enterprise dependent solution in support of multiple business processes
- Highly desirable are certifications in one or more of the following:
- Certified Information Security Manager (CISM), Certified Information Systems
- Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Network Security Professional (CNSP) or Associate (CNSA), Certified
- Protection Professional (CPP), Cisco Certified Security Professional (CCSP), CyberSecurity Forensic Analyst, EC-Council Certified Security Analyst, InfoSys
- Security Architecture Professional (ISSAP/CISSP), InfoSys Security Engineering Professional (ISSEP/CISSP), InfoSys Security Engineering Professional
- (ISSEP/CISSP), Internet Computer Security Engineer (ICSE), Prosoft CIW Security Professional (CIW-SP), SANS-GIAC certifications family, Security Plus, Certified Forensics Investigator
Our Ideal Candidate will have 7+ to 10 years experience and a Bachelor's Degree