Information Security Analyst

Job Purpose: 
Ensures the security of NCCI’s information and data assets by analyzing business needs, developing and administering technical controls, and maintaining security policies, standards, and guidelines for all computing platforms.

Major Duties:

Responsible for day to day security activities including but not limited to:

  • Maintain security for enterprise systems in one or more of the following areas:

    • Windows Server Environment

    • Linux Environment

    • Database Environment

    • Network Environment

    • Application Development

    • Endpoint Security

    • Cloud Environments (Azure/Office 365, AWS, Google Cloud)

    • Identity Governance

  • Create and Maintain the appropriate security policies, standards, guidelines, and documentation for responsible systems.

  • Implement, Administer, and Maintain security processes and technologies to ensure adequate protection of information and data assets.

  • Work with IT Infrastructure, Application Development, and the Business to ensure processes, procedures, and applications meet the requirements for security and compliance.

  • Research, identify and resolve cyber security issues by using appropriate tools to ensure problems are resolved effectively.

  • Identify opportunities and make recommendations to improve the security posture of the organization.

  • Perform security tasks during BCP/DR exercises and when an official disaster is declared.

Where appropriate, support and handle ITSM Migration, Break-Fix and Service Request tickets within the identified SLA and participate in the On-Call Rotation.

Ensures compliance with corporate security controls and procedures through diligent review of security reports and response to generated security alerts.

Leads and/or participates in the implementation of new security solutions and security aspects of new applications.Stays up to date with existing technologies and learns new technologies as appropriate.

Required Education, Experience & Skills:

Bachelor’s degree and 3 years of system administration, security administration or application development experience or a proven strong working knowledge in one or more of the following areas:

  • Windows Server Security

  • Linux Security

  • Database Security

  • Network Security

  • Endpoint Security

  • Security Information and Event Management

  • Application Development Security including Static, Dynamic Code Analysis, and DevOps

  • Cloud technologies such as Microsoft Azure/Office 365

    Identity Governance

At least one of the following: CompTIA Security+, SANS GSIF, ISC2 SSCP, CompTIA CySA+

In lieu of the degree, additional work experience and/or trade school or applicable certifications.

  • Working knowledge of information security principles and  practices

  • Working knowledge of multiple operating systems 

  • Excellent written and verbal communication skills

  • Excellent client-facing skills with ability to lead conversations with large, technically diverse teams

  • Proven learning agility skills

  • Ability to analyze, identify, and remediate risks using available tools and documented techniques

  • Ability to maintain a high level of professionalism and confidentiality

  • Ability to be on-call and work outside of regular business hours as needed

Preferred Education, Experience, and Skills:

Bachelor’s degree in computer science or related field; Any additional IT or Information Security certifications beyond one of the required certifications such as GSEC (GIAC Security Essentials Certification), CEH (Certified Ethical Hacker), Linux+, Network+, CCENT (Cisco Certified Entry Networking Technician), or CCNA (Cisco Certified Network Associate).

Finalist must pass a credit check satisfactory to NCCI.

We require a drug screen and background check.

EEO / Smoke free environment