Junior Security Analyst Jobs

Description:

DEPARTMENT SUMMARY:

Holt’s Finance and Administration Department is dedicated to providing timely, relevant and accurate administrative, financial, human resource and technology services to Holt staff, families and constituents, ensuring a high level of integrity, effectiveness and efficiency for Holt’s work. The Information Technology (IT) department is committed to providing reliable, secure and efficient IT systems to support high staff productivity; ensuring a high level of integrity and effectiveness for Holt’s work.

POSITION SUMMARY:

The Junior Security Analyst (SA) is an innovative, results-oriented member of the IS team who is responsible for preventing cyber-attacks and protecting digital resources. Under the direction of the Information Technology Manager, the SA will protect the network, create procedures that each Holt employee must follow to ensure the best security, and document these efforts. The SA will also be responsible for actively monitoring all equipment and providing insight on any current software or hardware that needs upgrades and patching.

The SA secures files and other sensitive digital assets. This includes creating, monitoring and updating specific protocols that audit file changes such as updates, deletion, additions and moving, as well as penetration testing and monitoring of current digital assets.

The SA will perform risk analysis to identify any security issues that could lead to lost or stolen data, and will define enterprise level security policies and actively enforce procedures.

ESSENTIAL JOB FUNCTIONS:

1. Protects vital data by working with Holt’s DBA and Data Quality and Information Analyst to understand and help create and update Role Based security processes in all mission critical database so that employees have the correct level of access needed to do their jobs. Works with Information Technology Manager to review Holt’s Formal Change Control process so that procedures are in place for changes to key systems.

2. Performs risk analysis by identifying security issues that could lead to lost or stolen data. Provides physical security oversight and review at Holt. Reduces potential security risks by reviewing, implementing, and continually updating system hardening standards.

3. Prevents security breaches by performing recurring security and penetration testing including Nessus internal vulnerability scans, PCI external scanning of Holt’s website, and working with Vendors on GAP Analysis projects. Works with security consultants/vendors to manage security threats.

4. Manages and monitors PCI systems and the CDE (Cardholder Data Environment) Network by reviewing and assessing membership in the CDE and working with managers to make sure the employees who work with credit card information are in the CDE. Contributes to onboarding and off boarding procedures and monitors/audits CDE systems; including Vlan settings, anti-virus settings and the credit card RDP donation system. Performs the Holt self-assessment questionnaire for PCI compliance.

5. Identifies and addresses security breaches by performing monitoring of current digital assets and implementing Holt’s incident response plans and procedures. Performs annual reviews of Holt’s incident response plans including the Cyber response plan and related procedures. Plays a key role in any response plan testing and tabletop exercises. Reports any serious security issues to Information Technology Manager and/or VP of Finance & Administration immediately.

6. Maintains secure digital infrastructure by monitoring current security alerts and by patching software on key IT systems and monitoring regular patch management duties. Manages and monitors the SIEM (Security Information and Event Management) system, the RMM monitoring system and the SentinelOne system. Works with Holt’s IT Systems Technician on IT asset lists and inventories to make sure all computers and major IT devices are accounted for and encrypted.

7. Coordinates enterprise level security policies by reviewing and/or updating policies and procedures, documenting these efforts, and ensuring that they align with processes and systems in place. Verifying that Holt is following the IT policies and related documents on a recurring basis to verify compliance. Identifying and incorporating new security best practices into Holt policies when need be so that Holt is following current best practices. Works with Information Technology Manager to keep IT policies up to date and relevant.

8. Coordinates IT training at Holt by scheduling monthly online security training lessons to help employees understand security policies and procedures. Schedules special developer training for Holt’s IT contractors. Documents security and PCI training received by Holt employees and contractors. Report results to Information Technology Manager and in monthly security report.

9. Provides comprehensive Monthly Security Report to Information Technology Manager by documenting the state of Holt security systems, any threats that were dealt with, and providing an update of ongoing security efforts. Reviews report structure and adjusts report output to new systems and emerging security threats and concerns as need be.

10. Documents key IT Security efforts in IT SharePoint site in clear and easy-to-understand format. Adheres to IT security principle of “if it’s not documented then it didn’t happen”. Works with IT staff, security vendors, and Information Technology Manager to keep documentation relevant and reasonable for the overall goal of protecting Holt’s IT systems and electronic assets.

11. Contributes to the team effort by exhibiting cooperative and effective work relationships, such as responding positively to challenges, assignments, inter and intra departmental requests, participating in team brainstorm and planning meetings, and seeing beyond individual tasks to help fulfill the organizational goals.

12. Contributes to a positive, productive work environment by meeting attendance and punctuality guidelines and pre-arranging time off with appropriate notice; treating all people with dignity and respect; exhibiting good listening and comprehension skills, including giving and welcoming feedback; communicating effectively by email and phone; demonstrating adaptability in a changing environment by taking on new projects as assigned.

Requirements:

SUCCESS FACTORS:

The successful Junior Security Analyst will be detail-oriented with the ability to prioritize and self-manage a multi tasked workload in a fast-paced environment. Must have strong problem solving and analytical skills with the ability to perform multiple tasks effectively and concurrently. The successful candidate will have the ability to utilize a variety of technology platforms and must demonstrate the ability to analyze options and use sound judgment when decision-making. Excellent communication skills are very important success factor for this position.

KNOWLEDGE (MINIMUM REQUIREMENTS):

Bachelor’s degree in Computer Science, Cybersecurity, or a related field and a minimum of 3 years’ work experience in IT, Cybersecurity, Management Information Systems, or Computer Forensics and Digital Investigations AND / OR CEH, ECSA, CISSP, GIAC or VMware certifications, or the ability to obtain a combination of such certifications within 24 months of hire, as agreed upon at time of hire. Preferred skills include vulnerability testing, anti-virus and anti-malware, firewall and intrusion detection / prevention, and / or security information and event management experience. An equivalent combination of education, training, and experience sufficient to successfully perform the essential functions of the job as those listed above may be qualifying. Must have the ability to communicate effectively both orally and in writing. Must be proficient in Microsoft 365 applications. An equivalent combination of education, training, and experience sufficient to successfully perform the essential functions of the job as listed above may be qualifying.

INFORMATION PROCESSING:

Familiar with information requirements and solutions using computer network and databases as related to IT processes.

SCOPE OF RESPONSIBILITY:

Responsible for cybersecurity of Holt International’s main and field offices, as well as all vital digital infrastructure.

INTERPERSONAL COMMUNICATION:

Possess the ability to establish requirements of a project or program, and communicate them clearly to stakeholders, facilitators and partners. Is a team player and committed to providing quality service. Communicates respectfully and is sensitive to cross-cultural issues. Demonstrated abilities in technical writing, teaching, and / or public speaking preferred. Exercises good judgment, courtesy, and tact in interaction with employees and the public. Establishes and maintains positive relationships with commercial vendors.

IMPACT OF RESULTS:

Detects and prevents cyber threats to Holt International. Identifies weaknesses in infrastructure (software, hardware, networks) and finds creative ways to protect Holt’s IT systems and electronic assets.

Describe controls:

REPORTS DIRECTLY TO: Information Technology Manager, who reviews work for effectiveness and results obtained.

WORKS DIRECTLY WITH: Marketing and Development Department, Creative Services, Finance, IT, International Programs and Adoption Services staff, external consultants and vendors.