
IT - Info Sec Analysis and Investigation - Senior Information Security Analyst

Sacramento, CA, USA Req #5817
Thursday, November 21, 2024

TITLE: Senior Information Security Analyst 
STATUS: Exempt
REPORTS TO: Mgr – Information Security
DEPARTMENT: IT – Info Sec Engineering
JOB CODE: 11227

PAY RANGE: $107,300.00 - $120,000.00 Annually

 

GENERAL DESCRIPTION:

The Senior Information Security Analyst provides subject matter expertise in a broad range of information security disciplines and configuration monitoring for securing Golden 1’s information, infrastructure, and member non-public information. Ensures information security best practices are integrated into the change and configuration management processes and ensures systems are configured to optimally support security monitoring. Actively looks for and discovers new potential cyber threats and vulnerabilities and participates in security incident response activities. Regularly provides internal security consultancy, and analyzes, supports, and assists in resolving system security issues and concerns for Golden 1 internal and external business environments, and others.

TASKS, DUTIES, FUNCTIONS:

 

  1. Lead ongoing vulnerability management activities and identification of potential threats. Coordinate and direct technology staff in the identification and remediation of system vulnerabilities across the computing environment. Escalate any immediate and severe issues to the attention of the Manager – Information Security and provide appropriate reporting to senior leadership.
  2. Maintain, improve, and develop vendor-supported and customized organizational processes supporting information security monitoring of asset, patch, network, vulnerability, change and configuration management.
  3. Prepares for and participates in threat hunting and security incident response activities. This includes working with Golden 1 IT and Information support teams to develop response readiness.
  4. Provide consultative support for technical and non-technical Golden 1 projects and initiatives requiring Information Security oversight to ensure policies, procedures and standards are met.
  5. Define and evaluate functional requirements and specifications of security systems for both internal and external business environments.  
  6. Partners with IT Development and Support teams to ensure appropriate procedures and processes are in place to provide optimal security monitoring of on-premises and cloud system environments as well as in establishing and managing a functional anti-virus/malware/DLP policy. 
  7. Monitor, measure, test and report on the effectiveness and efficiency of information security controls as well as compliance with information security policies and procedures.
  8. Recommend new security solutions as well as effective improvements to existing security controls that do not negatively impact business innovation.  
  9. Train colleagues on new Tactics, Techniques, and Procedures (TTP) of cyber-attacks and mentor junior teammates.
  10. Keep management updated on outstanding issues that are not resolved in a timely manner in accordance with established escalation procedures.
  11. Work with internal and external auditors during examinations providing support and assistance in addressing audit recommendations.  
  12. Maintains a thorough understanding of state and federal laws and regulations related to credit union compliance including bank secrecy and anti-money laundering laws appropriate to the position.
  13. Performs other job-related duties as necessary.

PHYSICAL SKILLS, ABILITIES, AND EXERTION UTILIZED IN THE PERFORMANCE OF THESE TASKS:

  1. Effective oral and written communication skills required with a focus on troubleshooting and error identification.
  2. Must possess sufficient manual dexterity to skillfully operate applicable computer hardware, a variety of hand tools and standard office equipment.

ORGANIZATIONAL CONTACTS & RELATIONSHIPS:

  1. INTERNAL:  All levels of staff and management
  2. EXTERNAL:  Vendors, service providers, organizational groups, and other financial institutions as needed.

QUALIFICATIONS:    

  1. EDUCATION: Bachelor of Science in Computer Science, Management Information Systems, Information Security Information Assurance, or equivalent industry experience.   
  2. EXPERIENCE:  
    • Minimum of 5 years or more of hands-on experience in the management, configuration, administration, installation, and evaluation of network or operating systems software (Microsoft, Linux desired), hardware and applications.
    • At least 3 years’ experience in organizational information security, information assurance or providing security consulting services. 
    • Demonstrates strong ability to investigate, handle and track incidents, analyze incident logs, assess malware, and understand vulnerabilities and exploits, along with strong operating systems knowledge.
    • Working knowledge of SIEM, intrusion detection and prevention systems (IDS/IPS), threat intelligence platforms and security orchestration, automation, and response (SOAR) solutions to centralize and manage incident and remediation workflow.
    • Applicable knowledge of adversary tactics, techniques, and procedures (TTPs), MITRE ATT&CK framework, CVSS, open-source intelligence (OSINT) and deception techniques.
    • Applicable knowledge of the NIST Cybersecurity Framework (CSF).
    • Demonstrates working knowledge of information security principles, risk assessment methodologies, security system standards including but not limited to network topology threats, vulnerabilities, filtering, tunneling, authenticating, access control, cryptography, system, and network hardening.
    • Demonstrates working knowledge of business, network systems, hardware concepts, and applications including DNS, authentication, virtualization, Database design/hardening, E-mail/secure messaging, Data Loss Prevention, and end point protection.
    • Strong sense of ethics, integrity, trustworthiness, and high level of professionalism. 
    • Demonstrates the ability to articulate methodologies and concepts; communicate effectively in providing technical guidance and expertise to management and other staff.
  3. CERTIFICATIONS:  
    • Possession of a valid California Driver’s License is required.
    • Holds or is working toward one or more certifications, including: CEH, Security+, SSCP, SANS GSEC, GCIA (and related).

PHYSICAL REQUIREMENTS:

  1. Prolonged sitting throughout the workday to accomplish tasks.
  2. Availability for emergency and on call duty 24 hours a day, 7 days a week, as needed.
  3. Occasional travel may be required.
  4. Lift and carry communications equipment and computer hardware weighing up to fifty pounds.
  5. Corrected vision in the normal range required to configure, test, and troubleshoot network server hardware and data.
  6. Hearing within normal range. 
  7. Must possess sufficient manual dexterity to skillfully operate applicable computer hardware, a variety of hand tools and standard office equipment.
  8. May work additional work hours to accomplish tasks.

LICENSES/CERTIFICATIONS: 

  1. Possession of a valid California Driver’s License is required.

THIS JOB DESCRIPTION IN NO WAY STATES OR IMPLIES THAT THESE ARE THE ONLY DUTIES TO BE PERFORMED BY THIS EMPLOYEE.   HE OR SHE WILL BE REQUIRED TO FOLLOW OTHER INSTRUCTIONS AND TO PERFORM OTHER DUTIES REQUESTED BY HIS OR HER SUPERVISOR THAT ARE WITHIN HIS / HER KNOWLEDGE, SKILL AND ABILITY AS WELL AS HIS / HER MENTAL AND PHYSICAL ABILITIES.

 

REV. 10/1/2024

Other details

  • Job Family Senior Professional
  • Job Function Senior Professional
  • Pay Type Salary
  • Employment Indicator Remote
  • Min Hiring Rate $107,300.00
  • Max Hiring Rate $120,000.00
  • Sacramento, CA, USA