on Security - Cyber Threat Analyst at Addison Group
The Information Security Analyst will be part of the Information Security Governance, Risk and Compliance Group. This position will work closely with the Director of Information Security & Assurance to provide timely and quality service to ensure compliance with the firm’s information security policy and procedures. This position will be responsible for maintaining continuous monitoring activities in support of the ISO 27001:2013 control environment while performing threat detection and remediation.
Duties & Responsibilities
- Perform technology risk assessment activities and audits of systems, applications, infrastructure and operational processes.
- Perform threat hunting, response, research, and analysis activities.
- Perform threat detection, containment, escalation and resolution.
- Perform malware sandbox detonation and behavioral analysis.
- Perform technology platform vulnerability scanning activities.
- Track identified security incidents and vulnerabilities through resolution.
- Perform continuous review of cyber threat warnings, bulletins, and alerts.
- Assists with information security incident response activities.
- Successfully sets priorities, performs tasks in an orderly fashion, and meets deadlines.
- Demonstrates agility and is flexible with changing priorities.
- Maintains departmental records and standard operating procedures.
- Submits all required reports accurately and on time.
- Minimum of 3 years’ experience in an information security professional role.
- Knowledge of security issues, techniques and implications across computing platforms.
- Knowledge of ISO 27001:2013 control framework.
- Knowledge of threat-actor methodology and malware analytic methods.
- Experience with cyber threat research and analysis.
- Experience with vulnerability scanning tools.
- Knowledge of information security policy, standards and industry best practices.
- Strong written and verbal communication skills.
- Bachelor’s degree in computer science, information systems or related field preferred, not required.
- Preferred security and privacy certifications from (ISC)², ISACA, SANS, and IAPP.