Senior Information Security Analyst

Since 1923, NCCI has been committed to fostering a healthy workers compensation system. We are the nation’s trusted source for accurate, objective workers compensation information. Learn about how you can contribute to our company’s success in the following position:

Job Purpose:
Designs, integrates, and implements network, system, and application-level security. Defines standards to ensure the security of NCCI's information systems while meeting the needs of the business. Provides technical guidance to Development, Data Security, Database, and System Administration teams, etc. Supports Information Security Architects in strategic planning, new tool selection and process improvements..

Major Duties: 
Performs operating system, network and application vulnerability assessments, application code reviews, and gap analysis, identifying potential issues and recommending corrective measures to ensure the integrity of NCCI’s security infrastructure and effectively implement a continuous monitoring solution to ensure the security of NCCI systems. 
Writes custom security scripts and utilities to enhance processes such as logging and monitoring capabilities.
Provides information security Subject Matter Expertise (SME) in multi-disciplinary team settings including peer groups, vendors regarding new security tools, process enhancements and remediation activities.
Provides technical expertise in penetration test execution and system hardening.
Defines and documents information security principles, practices and associated metrics reporting.
Monitors security systems and defines alert thresholds and remediation.
Trains and mentors less experienced Security staff.
Required Education, Experience, and Skills:
Bachelor's Degree, CISSP (Certified Information Security Specialist Professional) and 6 years of experience in supporting security architecture and implementation with expertise in aspects of networks and multiple operating systems.
In lieu of the degree, additional work experience and/or trade school or applicable certifications. Years of experience requirement can be offset with demonstrated NCCI knowledge of security solutions and proficiencies in various infrastructure platforms (e.g., window servers, Unix, etc.)
• Detailed knowledge of security aspects for multiple operating systems, software, communications, LAN/WAN, wireless, VPN and network protocols in functional areas and products including, Active Directory, Cisco, networking, intrusion detection, remote access, authentication, encryption, public key infrastructure (PKI), data loss prevention (DLP), anti-malware, firewalls with very good knowledge of network administrative services types and architecture (such as RADIUS, TACACS) and DMZ Network perimeter structure and design.
• Detailed knowledge of continuous monitoring principles and knowledgeable of Security Information and Event Management (SIEM) technology.
• Detailed knowledge of application source code security review products and potential remediation options.
• Detailed scripting experience with knowledge of programming languages such as PERL, Java, .NET, etc.
• Detailed knowledge in multiple security domains inclusive of Security Management, Access Control Systems and Methodology, Telecommunications and Network Security, Cryptography, Security Architecture, Operations Security, Application and System Development Security, Business Continuity and Disaster Recovery Planning.
• Detailed knowledge of security control frameworks, standards and security best practices.
• Detailed knowledge of Database security technologies.
• Detailed knowledge of security provisioning systems for facilitation of user requests.
• Detailed knowledge of NCCI legacy systems, networks and developed applications.
• Detailed knowledge of standard software packages such as the Microsoft Office Suite, etc.
• Excellent organizational, planning, communication and problem solving skills, as well as written and verbal communication skills.
• Strong client facing skills with ability to deal and lead conversations with large technically diverse teams.
• Organized, responsive and highly thorough problem solver with strong ability to analyze information, identify and assess risks using available tools.
• Excellent multitasking skills.
• Excellent Project Management skills.
• Excellent time management skills to aid in meeting specific goals and plans to prioritize, organize, and accomplish.
• Ability to respond to Incident Management issues, Audit/Compliance reports, and Continuity Management and Risk Management concerns.
• Ability to act as lead in managing security related projects and investigations.
• Ability to maintain a high level of professionalism and confidentiality.
• Ability to be entrusted with confidential, sensitive data and business transactions.
• Ability to work well under pressure.
• Ability to be on-call and work outside of regular business hours as needed.

Preferred Education, Experience, and Skills: 
Bachelor’s Degree in Computer Information or related field; CEH (Certified Ethical Hacker) certification; SANS GIAC (Global Information Assurance Certification); PMP (Project Management Professional)

Related key words:  CISSP, CEH, IS Analyst, devsecops, intrusion detection, security monitoring, vulnerability management

At NCCI, we recognize that our employees are the reason our legacy endures today. We’re motivated by the opportunity to do challenging and interesting work, and our Total Rewards package attracts top talent. Our employees care about each other and the communities in which they live and work. Our values of integrity, respect, quality and excellence, responsibility, and commitment, guide our success.
Experience NCCI.

We require a drug screen and background check.
EEO/Smoke Free environment