About
Job Description
Job Description
Information Security Analyst
Manhattan, New York
6 Month Contract to Hire
Vaco Technology is seeking an Information Security Analyst to join our client for a 6 Month contract to hire position.
Responsibilities
* Conduct technical cyber investigations with hands-on approach
* Create and improve infosec documentation and procedures
* Be comfortable writing policies and standards and reviewing them annually
* Support our cloud migration activities and projects, extending controls and monitoring that meet the business, legal and technical requirements to safeguard data and access
* Work with our vendors and partners to help them maintain their security posture
* Deliver security awareness training for the organization relevant to their responsibilities
* Orchestrate an automated vulnerability management program that identifies, confirms, tickets and tracks remediation of platform exposures to exploits and risks
* Perform audits and analysis of network, endpoint, database, cloud services and privileged identity management logs and events
* Keep abreast of industry trends, new threats and malicious actors across platforms Key Technologies
* Qualys/Nessus scanning, Ansible playbooks, PGP/GPG keys, scripted PKI and Root Certificate Authority management, Sysinternals Suite, Burp Suite, OWASP Threat Modeling, nmap, wireshark, Kali Linux pentesting, python/perl/bash/go scripting
Qualifications
* 5+ years of infosec analyst experience and incident response
* Experience with evangelizing DevSecOps tools and techniques
* Experience with AWS/Azure products and knowledge of how to secure them
* Familiar with core principles of TCP/IP networking, DNS, routing and load balancing
* Deep knowledge of several of the following areas:
* Mobile Device Management
* Anti-Virus/Endpoint Protection
* Vulnerability Management
* Penetration Testing
* Multi-Factor Authentication/SSO
* Digital forensics, hard drive imaging
* Passion for knowledge and command of technology
* Ability to work independently as well as collaborate with others effectively
* Higher education desired, but not required
* Security certifications will be considered, but prefer qualified to certificated candidate
* Conduct technical cyber investigations with hands-on approach * Create and improve infosec documentation and procedures * Be comfortable writing policies and standards and reviewing them annually * Support our cloud migration activities and projects, extending controls and monitoring that meet the business, legal and technical requirements to safeguard data and access * Work with our vendors and partners to help them maintain their security posture * Deliver security awareness training for the organization relevant to their responsibilities * Orchestrate an automated vulnerability management program that identifies, confirms, tickets and tracks remediation of platform exposures to exploits and risks * Perform audits and analysis of network, endpoint, database, cloud services and privileged identity management logs and events * Keep abreast of industry trends, new threats and malicious actors across platforms Key Technologies * Qualys/Nessus scanning, Ansible playbooks, PGP/GPG keys, scripted PKI and Root Certificate Authority management, Sysinternals Suite, Burp Suite, OWASP Threat Modeling, nmap, wireshark, Kali Linux pentesting, python/perl/bash/go scripting