Information Security Analyst
cprlorca's Information Security Analysts (ISAs) provide two critical functions for the organization. First, the ISAs serve as the subject matter experts for cprlorca and participate in and help drive the strategic direction of the company's product and service lines.
The second function of a cprlorca ISA is to work directly with clients to perform a variety of Information Security testing services (outlined below). These services are aimed at spotlighting security threats while simultaneously enabling clients to meet 3rd party testing requirements imposed by laws and guidelines required by SOX, GLBA, FFIEC, FDIC, NCUA, and HIPAA.
Core Services Performed Include
- Vulnerability Assessments
- Physical Security Inspections
- IT Security Audits
- Risk Assessments
- Social Engineering
- Internal and External Penetration Tests
- Security Awareness Training/Workshops
- Training and Implementation of TraceCSO (cprlorca's proprietary cloud-based information security software)
- Phone Based/Text Based Social Engineering
- Web-Application Tests
- Compiles comprehensive written reports directly related to customers' specific risk and business plans.
- Provides oral and written post-evaluation report detailing discussions/conferences with clients to provide remediation suggestions and guidance.
- Provides timely documentation detailing systems, network and communication security vulnerabilities.
- Responsible for detailed project management documentation throughout the engagement lifecycle.
- Will provide team/project support as needed.
While most services performed by the ISA can be performed remotely, some are required to be performed onsite at the client's location. The ISA position may require up to 25% travel. Onsite engagements typically last between 2 and 4 days.
Desired Skills and Experience
- Effective verbal and written communication skills
- Computer Networking experience
- Self-driven to continuously develop professionally within the information security space
- College degree and/or equivalent IT industry training or work experience
- Security+ and/or equivalent IT industry training or work experience
- Work well within a team environment
- 2-3 years of network/systems experience
Preferred Skills, Abilities, and Accomplishments
- Knowledge of security auditing tools such as NMAP, Nessus, NetCat, HPing, password crackers and packet capture tools
- Familiarity with industry recognized standards and frameworks including COBIT, ISO, NIST and/or OSSTMM
- Knowledge of FFIEC, NCUA, FDIC, HIPAA, NERC, GLBA and/or SOX compliance standards
- Understanding of CVE, Bugtraq
- Microsoft and/or UNIX operating systems knowledge. AIX experience is a plus.
- Sound knowledge of network protocols, operating systems and management systems
- Ability to handle basic TCP/IP troubleshooting
- Network+
If you meet the above requirements, please email your resume and cover letter to firstname.lastname@example.org.