Information Security Analysts SkillsPACK

11-50 employees

Information Technology

Information Security Analysts

Contract

In person

Company Overview

Releases upcoming

If you've received this job template as a recommendation, we're actively adding employers in your area with open positions like this. Stay tuned for updates!

Customize this section from your company profile.

Learner & Earner

Job details

Each Open Job posting will contain unique job details.

Employer

Bookmark this job template for quick access in your templates folder whenever you're setting up a new job posting.

Take note

These are Verified skills that candidates near you are sharing with our recommender.

Job details

Required skills

Develops and deploys security models (e.g., BellLaPadula model, Biba integrity model, ClarkWilson integrity model)
Verifies minimum security requirements are in place for all applications
Provides advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans
Documents all systems security implementation, operations and maintenance activities and update as necessary
Documents communications produced during the incident
Understands security objectives, operational objectives, and trade-offs
Ensures security policies and procedures provide for performance audits and effectiveness reviews
Develops procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements
Understands and follows Personal Health Information (PHI) data security standards
Applies security policies to meet security objectives of the system
Mitigates/corrects security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative
Applies service-oriented security architecture principles to meet organization's confidentiality, integrity, and availability requirements
Assigns and labels data / information according to the appropriate class or category of sensitivity
Utilizes knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
Makes appropriate changes to system security to ensure that vulnerabilities
Installs, integrates, and optimizes system components
Applies systems performance and audit data for policy compliance
Uses information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
Applies cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
Posts Incident Activities and Analysis
Verifies and updates security documentation reflecting the application/system security design features
Utilizes knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]) in security function
Assesses and reports problems
Identifies and follows national and international laws, regulations, policies, and ethics as they relate to cybersecurity
Designs the integration of hardware and software solutions
Assesses adequate access controls based on principles of least privilege and need-to know
Implements system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation
Recognizes legal trends that will impact cyber activities
Applies maintenance, upgrades and process changes
Provides input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials)
Understands and follows Personally Identifiable Information (PII) data security standards
Performs system backups
Applies security policies to applications that interface with one another, such as Business-to-Business (B2B) applications
Integrates automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system
Analyzes and reports system security posture trends
Understands and integrates Payment Card Industry (PCI) data security standards
Develops maintenance and upgrade plans
Performs security reviews, identify gaps in security architecture, and develop a security risk management plan
Understands the role of encryption algorithms, cryptography and cryptographic key management concepts within security systems
Plans and recommends modifications or adjustments based on exercise results or system environment
Ensures cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level
Analyzes and reports organizational security posture trends
Ensures all systems security operations and maintenance activities are properly documented and updated as necessary
Assesses the effectiveness of security controls
Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed
Applies knowledge of the systems engineering process in system design and implementation
Assesses all the configuration management (change configuration/release management) processes
Implements enterprise key escrow systems to support data-at-rest encryption