Analyst, Information Security Job Description
Analyst, information security
provides advice and guidance to the business on information risk, including PCI DSS and regulatory/legal aspects of information processing.
Analyst, Information Security Duties & Responsibilities
To write an effective analyst, information security job description, begin by listing detailed duties, responsibilities and expectations. We have included analyst, information security job description templates that you can modify and use.
Sample responsibilities for this position include:
Respond to customer service requests per the prescribed Service Level Agreements
Develop metrics associated with the execution of the information security program escalate sensitive matters to senior team members on a timely basis
Understands vulnerabilities at an application, database, operating system and network level
Provide detection and response to security events and incidents
Coordination of issues for the Incident Response Team
Security log management and monitoring
Intrusion detections and prevention systems operations and maintenance
Vulnerability detection, assessment, and mitigation
Conduct enterprise-wide risk assessments, system security certifications and compliance audits, and vulnerability scanning of networks, servers, and systems
Expertise with implementation and operation of EndPoint Security Tools, including Antivirus, host Firewall and Host IDS
Analyst, Information Security Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Analyst, Information Security
List any licenses or certifications required by the position: CISSP, CEH, GSEC, GIAC, SSCP, OSCE, OSWP, OSCP, ISACA, ISSA
Education for Analyst, Information Security
Typically a job would require a certain level of education.
Employers hiring for the analyst, information security job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and University Degree in Computer Science, Information Security, Education, Technical, Information Technology, Information Systems, Business, Engineering, Management, Cyber Security
Skills for Analyst, Information Security
Desired skills for analyst, information security include:
HTTP
Risk Management Framework
DOD and Air Force DIACAP
Industrial Control Systems security highly desired
Information Assurance
NETOPS
FFIEC
Regulatory and audit mandates to ensure environments meet PCI
SOX and corporate standards
Authentication
Desired experience for analyst, information security includes:
At least 3+ years’ experience working as part of a mature information security function in a large enterprise preferably in the insurance, financial services or other regulated industries
Experience in a business-facing (rather than purely IT facing) information security role
Professional designations/certifications, such as CISSP, IISP, CRISC, CISA or CISM strongly preferred
Must be able to demonstrate a commitment to security and strong environmental awareness through continued professional development and learning
While this is not a hands-on technical role, qualified candidates must be able to demonstrate competence and credibility through qualifications or equivalent experience in relevant areas such as project management and business processes
Strong English communication skills, both orally and in writing required
Analyst, Information Security Examples
1
Analyst, Information Security Job Description
Job Description Example
Our innovative and growing company is looking for an analyst, information security. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for analyst, information security
- Perform tracking of all reported security events/incidents and their resolution
- Develop assessments and reports, weekly trends of incidents, and security events
- Utilize forensic tools to collect, search, recover, sort and organize large amounts of electronic information in all phases of incident response, investigation or litigation matter
- Participate in emergency response team activities for responding to various security incidents
- Provide on-call support for end users for all in-place security solutions that are partially or wholly operated by the Information Security team
- Maintaining and expanding the organization's cyber security infrastructure to provide the highest levels of security, while maintaining a balance between security and the collaboration required in research and educational endeavors
- Maintaining a high level of trust and confidentiality in working with the information security team
- Continuously maintaining an intimate knowledge of the rapidly changing cyber-security landscape by synthesizing information about cyber-security from various sources
- Performing digital forensics examinations, including malware analysis, utilizing a variety of tools
- Conduct data classification assessment and security audits and manage remediation plans as directed by senior security personnel
Qualifications for analyst, information security
- Broad work experience that spans of the information security functions - policy development, education, vendor security assessments, application vulnerability assessments, risk analysis and compliance testing
- CISSP, CISA, CISM or CRISC
- Broad knowledge of industry-standard techniques and practices
- Adept at working in a fast pace, dynamic, multi-channel environment
- Strong sense of team and support of culture
- Ability to manage multiple projects and support functions
2
Analyst, Information Security Job Description
Job Description Example
Our company is growing rapidly and is looking to fill the role of analyst, information security. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for analyst, information security
- Monitors the organization’s network/infrastructure and endpoints for security breaches, infections, and other malicious activity
- Analyze daily/periodic security reports for potentially unauthorized activities, researches events, and documents findings
- Gathers cyber threat intelligence information from various internal, external, and other authorized sources and analyzes the data for consumption within the organization
- Researches the latest information technology (IT) security and cyber threat trends
- Perform Security code review, including code scan, manual confirmation and communication with product team
- Perform Penetration testing
- Provide Security training for development and QA team
- Provide technical support for product team
- Identify network and middleware security vulnerabilities and offer resolution advice
- Monitor and manage security alerts from key information security dashboards (IDS, antivirus, centralized logging, etc)
Qualifications for analyst, information security
- Experience using security vulnerability assessment tools and techniques
- Experience using Malware Remediation Tools
- Solid understanding of operating systems and platforms (Windows, iOS, Unix, Linux)
- Experience with Directory Services and LDAP
- Fundamental knowledge of network infrastructures including firewalls, VPN's, Intrusion Detection Systems, vulnerability assessment strategies, web application and device security
- Fundamental knowledge of the security requirements for HIPAA, HITECH, ISO 27001/27002 and SOX regulations
3
Analyst, Information Security Job Description
Job Description Example
Our growing company is looking for an analyst, information security. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for analyst, information security
- Assess threats, risks and vulnerabilities relating to emerging security issues
- Experience in eDiscovery, Incident Response, and Digital Forensics
- Manage client security questionnaires, client audits, and regulatory audits
- Develop and manage audits by designated deadlines
- Interface with all levels of management to assess operations and communicate results of audits, assessments, and controls review
- Work with various groups to follow-up on remediation tasks until appropriately resolved
- Assess and provide ongoing training to IT team members
- Maintain open communications with all client areas
- Assist with the analysis and interpretation of regulatory compliance requirements
- Perform duties associated with preparing company responses to client and agency compliance audits
Qualifications for analyst, information security
- Knowledge of security tools, technical security concepts, and security monitoring
- Understanding of computing vulnerabilities, exploits, attacks, and TTPs
- Experience scripting in Python, Perl, or PHP
- CISSP/Security+/GSEC preferred
- PMP/CAPM a plus
- Knowledge of Security standards (NIST/PCI DSS/ISO)
4
Analyst, Information Security Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of analyst, information security. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for analyst, information security
- Participate – in conjunction with management and HR – in the development of the core security awareness and training requirements across the company
- Perform analysis of security incidents to include source of attack, what happened, how the attack occurred, timeline and impact
- Execute incident response processes to respond to security threats and attacks such as viruses, malware, phishing and distributed denial-of-service attacks
- Creation of detection rules based on indicators of compromise that align with industry threats
- Monitoring Threat Intelligence Feeds and other sources of threat data to identify and apply countermeasure to combat threats
- Analyzing and assessing vulnerabilities in the infrastructure using automated tools
- Assisting in the evaluation, design and implementation of new technologies to enhance security capabilities
- Reviewing Identity and Access Management
- File Integrity Monitoring with integration with change management and configuration management
- Level 2 incident response and oversight of the Level 1 incident responders
Qualifications for analyst, information security
- Functional knowledge and experience with text and data representation and manipulation (XML, HTML, Regular Expressions, Scripting, SQL)
- Proficiency with common program language used in information security
- Experience working as a member of an information security incident response team, conducting computer forensics analyses and performing investigative duties related to security policy violations
- Demonstrated knowledge of regulatory compliance requirements including PCI-DSS, HIPAA
- Demonstrated initiative, customer orientation and team work competencies
- Adaptability, flexibility and ability to work as part of a team or in an individual capacity
5
Analyst, Information Security Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of analyst, information security. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for analyst, information security
- Research new and upcoming security solutions to protect company and client data
- Support information security inquiries and audits
- Security monitoring and administration tasks to support new security tools and platforms
- Implement automated detection and alerting for potential security events
- Perform information security incident handling and respond to customer inquiries
- Support information security initiatives from creation to delivery
- Monitors and analyses attempted efforts to compromise security protocols
- Reviews SEIM logs and messages to identify and report possible violations of security
- Participate in knowledge sharing with other team members and industry collaboration organizations to advance the security monitoring program
- Performing quality assurance of recertification information
Qualifications for analyst, information security
- Experience with file integrity monitoring solutions
- Experience with malware protection technologies
- Experience with enterprise log aggregation technologies
- Knowledge and experience assessing and implementing internal control concepts and IT General Controls
- Ability to solve problems, while navigating a diverse technology environment
- Effective in communicating factual needs or concerns on behalf of stakeholders