Information Security Analyst

About the Opportunity

JOB SUMMARY

Northeastern University is looking for a highly motivated and experienced candidate for the role of Information Security Analyst. This individual reports directly to the Director of Information Security and will ensure the delivery of the Information Security Program services to achieve both business and security objectives and contributes to Information Security Operations across Northeastern University's global campus network.

Key responsibilities including but not limited to:

• Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives
  
• Contribute to incident response activities across the University for all community members (faculty, students, and staff); including after-hours as needed.
  
• Consult with and advise the community as a subject matter expert in areas of information security.
  
• Creates and documents procedures for internal and external business processes which are efficient, and scalable working across the team to identify opportunities for automation and increased service maturity.
  

Threat and Incident Management:

• In collaboration with team members, and Managed Service Vendors perform cyber security monitoring, incident response, forensic analysis, and resolution of cyber security incidents.
  
• Independently examine a wide range of data, including SIEM/SOAR (QRadar/Sentinel) events, Microsoft Security events/data, to detect cyber security incidents with broad supervision.
  
• Manage incidents as they arise and structure organizational Incident Response.
  
• Maintain situational awareness of on-going cyber security threats in the broader community via mailing lists, chat channels, blog posts, social media, and news sources.
  
• Direct collaboration and oversight of service levels with Managed Service Providers and Security vendors.
  

Vulnerability Management and Remediation Tracking:

• Conduct vulnerability scanning (scheduled and ad hoc) across university systems.
  
• Identify non-compliant or vulnerable systems and conduct outreach to system owners to work through remediation, mitigation solutions or engage other IT staff or vendors for assistance.
  
• Assist managed service vendor with coordination of weekly Vulnerability Management/Patching meetings with key stakeholders and assist with research on remediation and/or mitigation solutions.
  
• Develop high quality documentation of technical systems, policies, processes, and procedures for use internally within the group, throughout the IT organization.
  
• Develop tools, scripts, or reports to enhance productivity of Incident Response and Threat Hunting.
  

Security Consultation:

• Serve the Northeastern community as a trusted advisor from the Office of Information Security for technology projects, security solutions, systems architecture, and application-level security configurations, by providing recommendations for risk mitigations or compensating controls.
  
• Direct collaboration across various units of the University, such as Human Resources, the (OGC) Office of General Counsel, and Northeastern University Research Enterprise Services (NU-RES), provides guidance regarding the implementation of technical, operational, and procedural controls which support compliance to Northeastern Security Policies.
  
• Perform assessments as assigned to determine IT security/risk posture within the University network, systems, and software applications, utilizing IT security tools and methodologies.
  

Additional Responsibilities:

• Promote awareness of applicable policy, standards, and industry best practices across the University.
  
• Respond to internal and external audits and examinations.
  
• Coordination and oversight of Managed Service providers, and Security product vendors to ensure contractual obligations, Service Level Agreements and maintenance requirements are met.
  
• Cross-train and mentor other members of the team.
  
• Recommends and develops modifications and enhancements to existing hardware and software, new implementations, and installation standards to increase system security and improve monitoring.
  

MINIMUM QUALIFICATIONS

• Bachelor's degree in Computer Science, Information Security, Cybersecurity, Security Engineering, and relevant technical field experience in security domains (such as Network/Application/Data Security, Vulnerability Management, Client and Cloud Security).
  
• At least 3 -5 years of applicable experience in information security in a complex, heterogeneous network environment with demonstrated growth and service-oriented mindset.
  
• Knowledge and understanding of data security controls including malware protection, firewalls, intrusion detection systems, content filtering, Internet proxies, encryption controls, and log management solutions
  
• Familiarity with various Vulnerability scanning and Security Operational tools, (such as Nessus/Tenable, Qualys, QRadar, SIEM).
  
• Familiar with risk assessment best practices, producing effective security metrics, and familiarity with cybersecurity frameworks such as NIST 800 (53-171).
  
• Hands-on experience with information security tools such as an enterprise SIEM and SOAR solutions, IDS/IPS, endpoint security solutions, email/web security gateways, and other security detection/mitigation devices (experience with security technology solutions particularly QRadar, Sentinel, Defender)
  
• Strong investigative mindset with an attention to detail and an ability to identify anomalous behavior on endpoint devices and/or network communications.
  
• Well-versed in the information security issues affecting educational entities and cloud-based service providers.
  
• Experience with enterprise scale platforms, services, and architecture, including Cloud Platforms (such as M365) and applicable Cloud Security principals.
  
• Demonstrate the ability to provide written and verbal communications to management to address real-time issues and incidents.
  
• Advanced problem-solving skills, ability to develop effective long-term solutions to complex problems
  
• Certifications in one or more of the following: Certified Information Systems Security Professional (CISSP), Ethical Hacker, GIAC Security Essentials (GSEC), or other relevant certifications.
  
• Strong written, and verbal communication and interpersonal skills, especially in conveying technical concepts to non-technical audiences with the creation of reports, dashboards, and presentations for various audience levels.
  
• Experience Writing and preparing technical reports, and Standard Operating Procedures/Playbooks
  
• Experience working in Agile teams with Scrum/Kanban/etc.
  
• Ability to teach and collaborate.
  

PREFERRED QUALIFICATIONS

The following Additional Qualifications are strongly preferred. If you meet some, but not all, you are still encouraged to apply; we value employees with a willingness to learn.

• Experience participating in digital forensics investigations using current technologies and practices.
  
• Experience with scripting, programming, or automation methods
  
• Experience with multiple operating systems to include Windows, Mac OS, and Unix/Linux
  
• Project Management experience, Scrum/Agile preferred.
  
• Familiarity with compliance and Privacy themes is preferable, including but not limited to Privacy and legal requirements FERPA, NIST.
  
• Previous experience in higher education preferred.
  

KEY RESPONSIBILITIES & ACCOUNTABILITIES

Operational Support

• Responsible providing security operational process support for Security incidents, and to identify non-compliant or vulnerable systems and conduct outreach to system owners to work through remediation, mitigation solutions or engage other IT staff or vendors for assistance.
  
• Contribute to incident response activities across the University for all community members (faculty, students, and staff); including after-hours as needed.
  
• Serve the Northeastern community as a trusted advisor from the Office of Information Security for technology projects, security solutions, systems architecture, and application-level security configurations, by providing recommendations for risk mitigations or compensating controls.
  

Customer Support

• Without direct supervision, perform tasks required to ensure customer satisfaction and departmental SLA's are achieved.
  
• Provide Tier 1, 2, and 3 support to customers on the services provided by the department.
  
• Provide accurate and effective documentation on all issues and problems.
  
• Provide training and documentation to Tier 1 support and other department team members on emerging issues.
  

Security Operations Support

• Responsible for general Security Operations support including Incident Response (may require outside of regular hours as needed).
  

Position Type

Information Technology

Additional Information

Northeastern University considers factors such as candidate work experience, education and skills when extending an offer.

Northeastern has a comprehensive benefits package for benefit eligible employees. This includes medical, vision, dental, paid time off, tuition assistance, wellness & life, retirement- as well as commuting & transportation. Visit www.northeastern.edu/benefits for more information.

Northeastern University is an equal opportunity employer, seeking to recruit and support a broadly diverse community of faculty and staff. Northeastern values and celebrates diversity in all its forms and strives to foster an inclusive culture built on respect that affirms inter-group relations and builds cohesion.

All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, religion, color, national origin, age, sex, sexual orientation, disability status, or any other characteristic protected by applicable law.

To learn more about Northeastern University's commitment and support of diversity and inclusion, please see www.northeastern.edu/diversity.


To apply, visit https://northeastern.wd1.myworkdayjobs.com/en-US/careers/job/Boston-MA-Main-Campus/Information-Security-Analyst_R111542







Copyright 2022 Jobelephant.com Inc. All rights reserved.

Posted by the FREE value-added recruitment advertising agency

jeid-b10a3ef7aff06341a8ca55c347855c85

Return to Search Results