Information Security Analyst 3

Position Summary

The Information Security Analyst III will work under the direction of the Information Security Manager to respond to security events, assess vulnerabilities, and minimize risk to maintain the confidentiality, integrity, and availability of CoServ Information and Information Systems. As a senior level information security position, the Information Security Analyst III manages various programs (such as Vulnerability Management, Incident Response, etc.), and also performs key tasks to include the development, reporting, and dissemination of information security metrics pertaining to the CoServ information security program, training junior level Analysts, and responding to information security incidents.

Primary Position Responsibilities

• Perform tasks at the direction of the Information Security Manager in support of various security programs in support of security policy, regulatory requirements, and standards.
• Develop tactical procedures relevant to security areas they are assigned, to include security program documentation/plans, and response plans/playbooks.
• Administrates, monitors, and troubleshoots Information Security systems (to include EDR, IDR, MDR, TVM, and XDR) in support of security operations and event investigation.
• Reviews logs, reports, and events to detect potential security incidents. Performs security incident response Analysis, Containment, Eradication, and Recovery efforts with IT/OT teams. Generates Incident Response Reports.
• Reviews various sources of Threat Intelligence to identify potential threats to CoServ, makes recommendations and implements remediation actions. Performs Threat Hunts and digital forensics as needed.
• Establish and maintain strong working relationships with Business, IT, and OT stakeholders, communicate and clarify security-related roles & responsibilities with them, and leverage those relationships to enhance the security of endpoints, infrastructure, network, and software.
• Works with Business, IT, and OT stakeholders to develop system baselines, and support change and configuration management processes.
• Routinely monitors and communicates vulnerability metrics with various system owners and stakeholders in support of timely remediation.
• Support business projects and analyze provided systems information in support of identifying security risks and vulnerabilities and communicating remediation recommendations with associated project teams.
• Performs vendor security risk assessments using established processes and advises on opportunities to reduce security risk in alignment with risk appetite.
• Identifies security capability metrics opportunities and gathers data in support of reporting to reflect the current CoServ Information Security risk landscape.
• Assess, monitor, and report on the current corporate information security climate to the Information Security Manager, to include the identification of security risks/gaps, strengths, and opportunities.
• Identify opportunities to expand CoServ security awareness and training needs.
• Aid in the training of junior Information Security Analysts.
• Complies with established CoServ safety and operating rules, procedures, and guidelines. Responsible for reporting unsafe practices to a supervisor.
• Complies with established CoServ Information Security Handbook, policies, procedures, and guidelines. Responsible for reporting suspected information security incidents to Tech Support.

Secondary Position Responsibilities

• Has a high-level understanding of Regulatory Requirements and Information Security Frameworks and responds to efforts to meet CoServ Information Security obligations.
• Performs other duties and activities as directed or required

Position Requirements

Education, Experience, and Certifications Required

• High School Diploma or G.E.D.
• Bachelor’s Degree in MIS, Computer Science, or equivalent work experience.
• CISSP or equivalent.
• 7+ years experience in Information Security with a focus on information security risk, incident response, or compliance.
• Experience in responding to Cyber Incidents, Threat Hunting, Forensics, working with various SIEM and Incident Response and Detection technologies.
• Experience in performing Vulnerability Scans, Application Scanning, and developing Security Baselines. Able to dissect vulnerability metrics, prioritize vulnerabilities based on risk and current environment, and communicate remediation steps with IT Departments.
• Knowledge of Security Technologies architecture including Firewalls, SIEM, IPS, and Malware Detection and Prevention.
• Working knowledge of Linux and Windows OS, networking protocols and services, and the OSI model.
• Knowledge of various security tools to include port scanners, protocol analyzers, vulnerability, and penetration testing tools.
• Knowledge of assimilating Threat Intelligence reports and feeds.

Education, Experience, and Certifications Preferred

• Working knowledge and administration of the following: Cylance, Darktrace, KnowBe4, and Rapid7 or similar technologies.
• 3-5 years’ experience in Information Security within the Energy or Utility Industry.
• General knowledge of IT/OT Risk, Vendor and Supply Chain Risk.
• Knowledge of C2M2, PCI, HIPAA, and General Knowledge of Security Frameworks and Regulatory Requirements.
• Experience utilizing EDR/MDR/NextGenAV/Artificial Intelligence Tools.
• Experience with Darktrace, Rapid7, and SentinelOne applications.
• Experience within utility environments and knowledge of SCADA network topology and protocols.

Skills and Abilities Required

• Must be able to work independently, in a fast-paced environment, manage multiple projects and tasks, be able to effectively communicate security requirements to technical members in other IT/OT departments.
• Must have an Analyst mindset with the ability to methodically review reports, logs, security events and respond appropriately.
• Excellent organizational skills.
• Ability to work with minimal supervision.
• Excellent grammar and composition skills.
• Excellent interpersonal and communication skills.
• Proficient using Microsoft Office software (Word, SharePoint, Visio, Excel, PowerPoint, Teams, Access).

Skills and Abilities Preferred

• Penetration Testing with various Platforms such as Kali Linux, Metasploit, etc.
• Scripting languages such as Python, Perl, or JavaScript.
• Experience with PowerBI or PowerShell.
• Team oriented performer, focused on the tasks and goals of the organization.
• Motivated self-starter with attention to detail.
• Must be able to generate reports using Excel, PowerBI, or various scripting languages.

Physical Requirements

• Operates office equipment such as a computer, telephone, fax machine, copier, etc.
• Indoor, office environment.
• Ability to lift a minimum of 25 pounds.
• Ability to drive occasionally as needed.
• Ability to sit for long periods of time.
• Requires frequent sitting, standing, walking, bending, and reaching.

Other Requirements

• Must have and maintain a valid Texas driver's license.
• Must have reliable home high-speed Internet service for situations where remote work is necessary.
• Works extended hours as needed or directed.
• Must be able to respond to security incidents during off hours as needed.