Johnson Service Group is looking for a Cybersecurity Systems Analyst II who will be reporting into the Cybersecurity Architecture and Risk Management team.
This role operates at an intermediate level.
Responsibilities:
Creates and maintains assigned security measures, product, and vendor security assessments; writes procedures, workflows, presents contents and implements assigned changes. Familiarizes with and uses software that performs cybersecurity functions related to risk management, threat monitoring, vulnerability assessment, network and device security design and configurations reviews in partnership with lead staff. Understands cyber risk level and priorities. Provides support to the end-user community and ensures they have up-to-date protection from malicious software and other cyber threats. Provides reports and other information related to cybersecurity issues as requested by management and other groups. Performs evaluation and analysis of security applications and systems and makes recommendations to management. Recommends best practices to ensure system security across the enterprise. This position utilizes knowledge and experience in own discipline but is still building higher-level knowledge and skills. Receives a moderate level of guidance and direction from supervisor, manager, and more experienced colleagues.
Understands the impact of adversary modification, disclosure, or destruction to an organization's information systems and IT assets and intellectual property to help prevent IT-based risks from realizing.
Uses technical skills to implement assigned controls to ensure cybersecurity threats and emergency security incidents in a timely manner. Collects requirements to develop solutions or improvements to prevent malicious activity.
Partners with implementing teams to executes security controls, defenses, and countermeasures to intercept and prevent attacks or attempts to infiltrate company systems.
Designs, develops, implements, and troubleshoots various information system (IS) and cyber security software.
Evaluates, codes, and implements software fixes (patches) to address system vulnerabilities.
Designs and implements information security engineering systems with requirements of business continuity and operations security.
Establishes system security designs and implements security designs in hardware, software, data, and procedures. Configures end user applications and cyber systems software.
Verifies security requirements; performs system certification and accreditation planning and testing and liaison activities.
Prepares solution design templates, written criteria for solution and server placement for systems deployment into appropriate network zones. Supports lead staff build robust security architectures. Helps ensure compliance with corporate cybersecurity policies and procedures.
Monitors security systems for workflow triggers, actions, and follow-up communications.
Interacts with end users concerning their software or hardware product uses, vulnerabilities and any other cybersecurity risks.
Inspects systems, evaluates, and creates reports on immediate optimization or long-term changes required.
Reviews system generated logs for anomalies and takes appropriate actions.
Documents, deploys, reviews, and maintains cybersecurity policies, standards, guidelines, and procedures.
Plans and implements cybersecurity technology projects.
Provides business continuity/disaster recovery expertise.
Monitors security alerts on internet and other intelligence feeds and determines whether reported threats could impact the company’s technology or operational systems.
Provides technical consulting to other groups on cybersecurity requirements.
Implements and administers technical security systems including SIEM, VAT, network IDS, antivirus, web and email filters, and firewalls.
Implements and ensures technical security compliance solutions using NIST and CIS for NERC, PCI, FBI CJIS, HIPAA, and other regulatory requirements.
Performs cybersecurity incident response activities as requested during the normal business hours.
Documents and maintains objective evidence for Cybersecurity to demonstrate NERC CIP regulatory compliance.
Creates and delivers security training materials and classes for asset owners, software developers and system administrators.
Evaluates and interprets compliance needs with security regulations, standards, and laws.
For incumbents performing as a Cyber Security Coordinator (CSC), works with the NERC Compliance Department and Cybersecurity Department to ensure that the necessary processes and procedures applicable to each NERC CIP system are developed and implemented within their respective group; reviews projects relating to the NERC CIP systems which may have a regulatory impact, and makes sure the drawings and documents for that system are updated and stored as required; coordinates NERC compliance implementation, communication, and ensures that users of the respective systems have the necessary training; continually monitors implementation efforts and reporting potential violations to the NERC Compliance Manager and respective management; communicates with the Cybersecurity Manager concerning cybersecurity concerns or actual incidents; and maintains documentation of objective evidence, including Reliability Standard Audit Worksheets (RSAWs) to demonstrate NERC CIP regulatory compliance.
This general overview only includes essential functions of the job and does not imply that these are the only duties to be performed by the employee occupying this position. Employees will be required to follow any other job-related instruction and to perform any other job-related duties requested by supervisor or management.
Minimum Qualifications:
Six or more years of experience in cybersecurity or relevant experience. A degree(s) in information technology, computer science or relevant field may be substituted per company’s guidelines for certain years of experience.
Preferred Qualifications:
One or more years of security incident response, security operations center and/or threat analysis experience.
Demonstrated experience using either an Enterprise/MSSP or cloud security SIEM technologies as an analyst.
Certified ethical hacker (CEH), Information Systems Security Professional (CISSP) or equivalent.
COMPTIA Security +, CompTIA Networking + and/or any cloud certification will be a plus
Knowledge, Skills, and Abilities:
Knowledge of information security, risk management and technology architecture
knowledge of anti-virus and anti-spam technologies
Knowledge of technology asset management
Knowledge of technology hardware and software platforms and systems
Skill in analytical and technical documentation
Skill in verbal and written communication
Skill in articulating complex, technical information to both technical and non-technical audiences
Skill in analyzing significant volumes of detailed information and understanding the security implications
Skill in understanding complex systems across diverse technical platforms
Intermediate skill level in Microsoft office and software update tools
Advanced skill level in network security and web filtering software
Advanced skill level in security vulnerability scanning tools
Ability to balance and manage competing high priority work demands
Ability to build relationships and foster teamwork
Ability to work in a team environment
Ability to support and work across multiple systems.
Ability to conduct sensitive security investigations and maintain confidentiality
Work Environment:
Majority of work hours are spent in an office environment
May require working in noisy environments in the vicinity of heavy equipment
Physical Demands:
Work involves frequent finger/hand manipulation in using a keyboard and mouse
JSG offers medical, dental, vision, life insurance options, short-term disability, 401(k), weekly pay, and more. Johnson Service Group (JSG) is an Equal Opportunity Employer. JSG provides equal employment opportunities to all applicants and employees without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, marital status, protected veteran status, or any other characteristic protected by law.
#720
