Associate Information Security Analyst - Columbia SC

Job Summary

Under direct and immediate supervision, assists in administering policies and procedures which safeguard information assets from intentional or inadvertent access or destruction. Works with an individual business unit, in a specific platform environment, on specific project assignments. Work is closely checked. Errors may cause delay, expense, and disruption.

Job Summary

This position will be part of the IT Security compliance group.

Responsibilities include:

• Conduct regular vulnerability assessments using automated scanning tools to identify security weaknesses, out-of-date version, and vulnerable system across our IT infrastructure operations.
• Analyze scan results and assess vulnerabilities regarding severity, impact, and potential risk to the IT infrastructure operations and collaborate with IT teams and applications owners to prioritize and coordinate remediation via patching and/or mitigation controls.
• Generate accurate and concise vulnerability assessment reports including vulnerability exposure, risk, and remediation progress.
• Analyze and monitor technical controls to ensure that specific security controls are managed and maintained.
• Help develop security metrics dashboard and maintain.
• Assist in developing and updating vulnerability management procedures and processes and enforcing those procedures and processes.
• Review patch management data and report gaps to responsible groups to conduct risk mitigations.
• Reports control failures and gaps to stakeholders. Provides remediation guidence and prepares management reports to track remediation activities.
• Apply a risk-based approach in identifying, executing, and reporting to stakeholders for mitigation.
• Research, analysis, and troubleshoots information system compliance and security issues.
• Stay up to date with the latest vulnerabilities, exploits, security trends and general changes in technology to provide guidance on how these affect the security of our business.

Required Knowledge, Skills, Abilities & Experience

Required Knowledge, Skills, Abilities & Experience

0-2 years directly related experience.

• Diverse knowledge of information security as well as ability to clearly present and communicate on technical subjects to various audiences.
• Basic understanding of risk assessment methodologies and ability to evaluate vulnerabilities’ potential impact to the IT infrastructure operations.
• Detail-oriented approach to analyzing scan results and identifying false positives.
• Knowledge of cyber security principles and solutions.
• Basic experience in Information Technology and business analysis.
• Must have strong analytical and critical-thinking skills.
• Ability to work independently and collaboratively across teams.
• Excellent organizational skills with strict attention to detail.
• Creatively developing approaches to problems and recommending actions to management. 

Preferred experience

• Proficiency with vulnerability scanning tools such as knowledge of Tenable Security Center.
• Experience with Microsoft SQL and Oracle database
• Experience with Microsoft power Tools.
• Experience with Regex and Microsoft PowerShell.
• Experience with Microsoft Endpoint Configuration Manager (SCCM) and Group Policies (GPO)
• Experience with NIST Common Vulnerability Scoring System (CVSS)

Education Requirements

Bachelor's degree or an equivalent combination of education and demonstrated related experience may be accepted in lieu of preferred level of education:

Preferred Discipline(s):  Computer Science, Computer Engineering, Information Systems, Math or Business or technical equivalent.Other disciplines may be substituted for the preferred discipline(s) .

Licenses, Certifications, or Quals Description

Working Conditions

Other Working Conditions

The ability to be available for On call 24 hours including weekends/holiday.

Test Description