INFORMATION SECURITY ANALYST Direct Hire 100% remote US citizens and GC Holders per government contract Must be CISSP or CISA or OSCP or GIAC certified This position reports to the head of Information Security within the Legal Compliance department and will be responsible for being the liaison for escalations from outsourced and internal information security organization processes.This person must be able to help differentiate the noise from actual incidences and communicate this appropriately to the appropriate teams.A key success factor for this role in addition to excellent collaboration and communication skills is to understand and gather appropriate information on suspicious events, determine the appropriate response and communicate the issue in simple non-technical terms. Ideal Background: *Typically requires BS Degree (or equivalent experience) in an Information Technology or Computer Science field and/or at least 5 years experience performing analysis, troubleshooting of complex items, and making recommendations for information security. *Certifications in one or more of the following: Certified Information Security Professional (CISSP), Certified Information Systems Auditor (CISA), Offensive Security Certified Professional (OSCP), or Global Information Assurance Certification (GIAC) *Experience working and using network security best practices at a complex multi-site national or international company of similar size is desirable *Able to independently gather appropriate technical details of suspicious events and determine appropriate action *Ability to organize and track events, initiate scbrowans and interpret findings, communicate with technical and non-technical resources Candidates should also have: *3+ years of information security experience including experience in one or more of the following disciplines: information security monitoring, incident response, vulnerability management, business continuity, or threat intelligence. *2+ years of managing a Security Information & Event Management (SIEM) solution. *Knowledge and understanding of the following frameworks or regulations: NIST 800-53, NIST 800-171, GDPR, CMMC, or MITRE ATT *Knowledge and understanding of data security controls related to endpoint protection, firewalls, intrusion detection systems/intrusion prevention systems, email & web content filtering. *Excellent written and verbal communication skills. Demonstrated success writing and summarizing technical events *Strong understanding of information security practices related to Cisco network infrastructure and network hardware. *Ability to quickly learn new or unfamiliar technology and products using documentation and internet resources *LAN/WAN and Network Security experience. *Experience working in highly compliant networks/systems. What you will work on: *The candidate will be partnering with non-technical and technical individuals to resolve incidences and spread awareness. *Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization. *Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. *Management and configuration of endpoint protection systems. *Provide audit record reduction and report generation to support on-demand analysis and reporting. *Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. *Configure and monitor logging systems including a Security Information & Event Management (SIEM) system. *Receive and response to cyber threat intelligence from information sharing forums and sources and communicate to stakeholders. *Monitor system security alerts or advisories and be prepared to take action and remediation. *Develop and maintain procedures related to a variety of security incidents.