Cyber Security Analyst

SUMMARY

Under the direction of the director of information technology (IT) and director of operations, the cyber security analyst is responsible for implementing and monitoring security measures to ensure the confidentiality, integrity, and availability of company data and infrastructure. The cyber security analyst’s work includes delivering cyber security incident detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessment services. The cyber security analyst works closely with the IT Key Management Area (KMA) to ensure systems and networks are designed, developed, deployed, and managed with an emphasis on effective security and risk management controls.

The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

ESSENTIAL FUNCTIONS AND RESPONSIBILITIES

To perform this job successfully, an individual must be able to accomplish each essential function satisfactorily.

• Oversee the security configuration for MS365, servers, network infrastructure and applications
• Monitor and maintain the cyber security environment, including access controls, threat detection, and mitigation
• Monitor public security related resources for new and emerging cyber security threats
• Evaluate emerging security products and technologies
• Assist in all phases of project cycles from research to completion including project timelines, internal/external resources, status reports and budgets
• Develop and maintain detailed systems documentation, diagrams, processes, and procedures for security technologies
• Maintain the change management process
• Lead the implementation of plans and roadmaps for key security programs and initiatives
• Act as main point of contact for security-related issues, aiding end users as needed
• Collaborate with third-party vendors to ensure compliance with company policies and adherence to established standard operating procedures (SOPs)
• Monitor and respond to security information event monitoring and security operations center alerts
• Verify backup and disaster recovery annual testing
• Provide annual security awareness training – present and ensure compliance
• Complete phishing awareness and testing
• Assist with information gathering and participate in annual risk assessment
• Establish and maintain regular communications with the director of IT regarding pertinent cyber security activities;
• Enter time and expenses accurately and timely
• Handle and process confidential information with complete discretion
• File projects and materials according to Pinnacle’s internal filing system
• Regular, predictable and punctual attendance during core hours

SUPERVISORY RESPONSIBILITIES

This position does not have supervisory responsibilities.

COMPETENCIES

• Ability to:
  • Prioritize workload, meet critical time deadlines and function with minimal supervision
  • Resolve complex, multi-layered issues independently
  • Proactively minimize or prevent issues through forward thought and advanced planning
  • Identify, prepare, and present group training
  • Train and mentor others in areas of expertise
  • Remain calm in stressful situations
  • Communicate effectively to convey information with all levels of staff and management
• Knowledge of threat rating and risk management procedures (CVE, OWASP)
• Knowledge of Microsoft 365 Security and Compliance
• Knowledge and experience in relational database management systems and other database products including Microsoft SQL Server, MariaDB, and PostgreSQL
• Excellent analytical skills
• Strong technical writing skills
• Knowledge and experience with scripting and coding skills (SQL, PowerShell, VBScript)
• Knowledge and experience with NIST Cyber Security Framework gap analysis
• Experience with multi-factor authentication and conditional access

EDUCATION AND/OR EXPERIENCE

• Minimum Bachelor of Arts or Bachelor of Science degree from an accredited college or university; a degree in computer science or information systems preferred
• Minimum two years of experience in a security analyst or related position
• Experience with multiple operating systems including Microsoft Windows workstation and Server
• Experience with Linux/UNIX based technologies including Red Hat, Ubuntu, and Alma
• Experience with Cloud environments such as Microsoft Azure and Microsoft 365
• Experience developing and administering custom application security testing (Unit tests)
• Virtualization VMWare, or equivalent
• Knowledge and experience with network routing, firewall, and VPN; Exchange, Database, Web, FTP, Terminal Services
• Knowledge of common security information event monitoring (SIEM) functionality and threat hunting

The base salary range for this position is $90,000 to $110,000. This position is also eligible for an annual performance bonus. The salary for this position is based on multiple factors, including but not limited to, the candidate’s experience, education and skills.

Pinnacle provides a comprehensive benefit package including 401k with company match and profit sharing; exceptional medical, dental and vision insurance; paid vacation, sick time, parental leave, holidays, summer days and community service time; life insurance, disability insurance and wellness benefits.