Cyber Security Analyst Jobs

Role: Cyber Security Analyst

Direct Hire- Full Time

Salary: $90-95K

Portland, OR

*C2C and third party vendors not accepted at this time*

Ledgent Technology has once again partnered with a key employer in the Portland Metro Area for their open Cyber Security Analyst role!

Job Overview

· The Cybersecurity Analyst I is responsible for identifying flaws in our client’s technology systems and to proactively respond and develop solutions to address identified flaws.

· Reporting to the Information Security Officer, this position will implement and maintain information security policies, procedures, standards, and guidelines necessary to ensure the confidentiality, integrity and availability of the organizations information systems and data.

· Provides day-to-day operation & maintenance to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access.

· Interfaces with users to understand their security needs and implements procedures to accommodate them.

· Ensures that users understand and adhere to necessary procedures to maintain security.

Essential Duties

· Monitor computer networks and systems for threats and security breaches

· Triage alerts and incidents, escalating as necessary for further analysis, and recording details on those events through our client’s ticketing system

· Formal reporting as required for major incidents

· Install, configure, and update security software and firewalls

· Scan systems for vulnerabilities, validate mitigating controls, and report identified risks

· Evaluate potential threats to the organizations information systems by monitoring open-source intelligence, Information Sharing and Analysis Centers (e.g., Health-ISAC), and commercial threat intelligence feeds

· Manage and operate security tools, including but not limited to, SIEM, AV/EDR, M365 Security Center, Firewalls, and log management

· Configure and validate appropriate logging of all security events, monitoring, and alerting per policies and standards

· Identify, evaluate, and remediate vulnerabilities in the organizations information systems through a formal risk-based vulnerability management program

· Collaborate with the IT Leadership Team to implement a formal cybersecurity framework (CIS Critical Controls, NIST CSF, etc.) to ensure best practices are followed in protecting the confidentiality, integrity and availability of the organizations data and information systems

· Stand as a point of contact that provides guidance on general questions related to security policy, procedures, guidelines, and standards; escalating to the Information Security Officer as needed

· Support the regular auditing of information systems configurations and access controls, including gathering evidence and reporting results

· Support regular security assessments, including penetration tests, phishing campaigns, internal control audits, and cybersecurity awareness training

· Maintain detective controls to monitor the organizations networks, systems, and applications for violations of information security polices, or indicators of compromise (IoC) and attack (IoA)

· Support the cybersecurity Incident Response (IR) plan and associated playbooks, including script development, log management and correlation, mitigating controls, evidence collection, and reporting

· Perform investigations, forensic analysis, and reporting on potential policy violations, security incidents, or data breaches

· Assist in risk review of all new systems and applications prior to implementation, as well as assessing the ongoing risk of existing systems and applications

· Testing backup and recovery of critical technology systems, ensuring all services and data can be returned to production in a timely manner and reporting on deficiencies

· Evaluate and recommend new security tools and technologies to improve the organizations security posture

Qualifications

Required Education

· Bachelors degree in related field

· CEH or equivalent certification

Required Experience

· Two years direct cybersecurity experience or five plus years in a related field

.

Required Knowledge, Skills, and Abilities

· Basic knowledge of cybersecurity frameworks and best practices

· Basic knowledge of information security policies, procedures, standards, and guidelines

· Intermediate knowledge of threat actors and their motivations

· Intermediate knowledge of attacker techniques, tools, and threats

· Intermediate knowledge of security controls, monitoring/information gathering/exploit tools, and defense techniques

· Advanced knowledge of network computing environments, such as virtualization, cloud computing, and hybrid computing

· Advanced knowledge of network communication protocols, standards, architecture, and best practices

· Basic project management skills

· Intermediate programming and scripting skills

· Intermediate security assessment and penetration testing skills

· Ability to use MITRE ATT&CK framework to communicate and document incidents

· Ability to perform basic forensic analysis of systems and networks following best practices

Preferred Education

· One or more of the following certifications are desired CISSP, HCISPP, Security+, Pentest+, Network+, OSCP

Preferred Experience

· Experience working in a healthcare environment

· Experience working with a non-profit organization

· Experience working in a large multi-site organization

· Experience with Microsoft 365

· Experience implementing CIS Critical Controls

· Experience securing cloud systems and SaaS applications

Preferred Knowledge, Skills, and Abilities

· Knowledge of HIPAA, HITECH, and HITRUST regulations

· Knowledge of ITIL best-practices

· Knowledge of CIS Critical Controls cybersecurity framework

· Knowledge of MITRE Framework

We are an equal opportunity employer and make hiring decisions based on merit. Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance