Location: Albuquerque, NM // Department: Information Security
Reports to: Director of Information Security // Salary: Negotiable – Depending on Experience
SUMMARY OF POSITION:
ANM is seeking a motivated quick learner to join our fast-growing engineering focused firm to assist in building long-term, customer focused relationships and providing superior customer service and engineering excellence. We believe in delivering integrated solutions that support our customers’ business objectives through highly skilled technical resources that work closely with our customers to provide day-to-day support as a result of the successful design and implementation of innovative solutions.
A Security Analyst’s primary responsibility is to work with ANM in our Managed Security Services Team to actively monitor and respond to incidents and threats in our customers infrastructure. This includes the review of security incidents generated by our customers security devices and security logs. A keen attention to detail, with the ability to quickly assess a situation to determine the impact, and a possible escalation to the customer and or internal ANM teams will be required. A passion for security and the ability to research and be knowledgeable on the latest threats, solutions and regulatory requirements will be critical. This position requires a blend of technical competence and customer service skills to ensure the success and security of our customers.
What will you do as a Security Analyst:
- Provides quality internal and external customer service meeting ANM’s values and standards.
- Understands the current threat landscape and applies effective solutions that enables customers to protect their environment, detect events, and respond accordingly.
- Provides daily analysis and review of security information and incidents/events for managed security services customers.
- Contributes to process improvements and workflow development for the identification, measurement, management, tracking, and reporting of information risks.
- Provides continual monitoring of customer environments through the use of automated tools or manual processes to identify and address security incidents.
- Performs analysis and diagnosis of network security problems.
- Researches information security standards; threats, vulnerabilities, conducts system security, vulnerability analyses, and risk assessments; studies security architectures; identifies and is familiar with emerging security issues.
- Prepares system security reports by collecting, analyzing, and summarizing data.
- Assists in the maintenance of security architecture and infrastructure.
- Assists with the planning, management and execution of vulnerability and risk assessment projects, including managing 3rd party resources or service providers.
- Applies analytical skills and technical knowledge to solve product and network security problems of low to moderate complexity.
- Clearly documents and defines risks and potential impacts along with the probability of such an event occurring and identifying systems affected by the defined risk.
- Effectively utilizes moderate lab setups to recreate and solve problems.
- Invests time to track and understand emerging security practices, threats and standards.
Who are we looking for:
- Bachelor’s degree in computer science, business or a related field or equivalent work experience.
- Minimum of 3 years developing, implementing and supporting security controls and systems.
- GCIH, Security +, CEH, CCNA Security and or CISSP is highly desired. A combination of certifications and work experience will be considered for the right candidate.
- Advanced understanding of Information Security principles with the ability to effectively identify and prioritize security incidents.
- Knowledge in key areas such as: Firewalls, IDS, IPS, VPN, Remote Access, Security Logging, Vulnerability Management, Security Incident Response, Red Team exercises.
- Hands on experience with security devices and appliances, including the ability to interpret and understands logs and alerts from these devices.
- Experience working with incident response processes and tools, SIEMS, log analysis tools, and reporting mechanisms.
- Understand and have the ability to implement controls for common compliance requirements including: SSAE16 / SOC II, PCI, HIPAA, etc..
- Networking industry experience and knowledge of security products and protocols with ability to utilize Wireshark or similar network capture tools to diagnose IP and security related issues.
- Clearly documents and defines risks and potential impacts along with the probability of such an event and identifies systems affected by the defined risk.
- Must be a self-starter with a passion for information security.
- Ability to work on multiple projects simultaneously while providing exceptional customer service and support.
- Excellent communication skills (verbal and written), strong work ethic, and a positive attitude.