The Information Security Analyst will be part of the Information Security Governance, Risk and Compliance Group. This position will work closely with the Director of Information Security & Assurance to provide timely and quality service to ensure compliance with the firm's information security policy and procedures. This position will be responsible for maintaining continuous monitoring activities in support of the ISO 27001:2013 control environment while performing threat detection and remediation.
This professional should have experience with malware and knowledge of threats/attacks. This person will be actively looking for attacks independently and reporting back in a team setting. Person must understand the methodology behind the attacks and how they are carried out. Must have excellent communication skills and great articulation, as they will be the first and main contact speaking with all employees at the firm affected by any type of threat.
Location: Currently remote with tentative end of June return to office. This role will be expected to be in the office when it is safe to do so.
Status: InfoSec Exempt Position
Must be eligible to work in the US without requiring sponsorship
No government clearance is required.
- Minimum of 3 years' experience in an information security professional role.
- Knowledge of security issues, techniques and implications across computing platforms.
- Knowledge of ISO 27001:2013 control framework.
- Knowledge of threat-actor methodology and malware analytic methods
- Experience with cyber threat research and analysis
- Experience with vulnerability scanning tools.
- Knowledge of information security policy, standards and industry best practices.
- Excellent written and verbal communication skills.
- Bachelor's degree in computer science, information systems or related field preferred, not required.
- Preferred security and privacy certifications from ISC(2), ISACA, SANS, and IAPP
location: WASHINGTON, District of Columbia
job type: Permanent
salary: $73,200 - 100,000 per year
work hours: 9am to 5pm
- Perform technology risk assessment activities and audits of systems, applications, infrastructure and operational processes.
- Perform threat hunting, response, research, and analysis activities.
- Perform threat detection, containment, escalation and resolution.
- Perform malware sandbox detonation and behavioral analysis.
- Perform technology platform vulnerability scanning activities.
- Track through resolution identified security incidents and vulnerabilities.
- Perform continuous review of cyber threat warnings, bulletins, and alerts.
- Assists with information security incident response activities.
- Successfully sets priorities, performs tasks in an orderly fashion, and meet time deadlines.
- Demonstrates agility and is flexible with changing priorities.
- Maintains departmental records and standard operating procedures.
- Submits all required reports accurately, and on time.
- Experience level: Entry Level
- Minimum 3 years of experience
- Education: Bachelors
- ISO 27001
- Information Security (3 years of experience is required)
- Threat-actor methodology
- Malware analytic methods
- Cyber Threat Analyst
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.