Information Security Analyst

Top Information Security Analyst Skills

Below we've compiled a list of the most important skills for an Information Security Analyst. We ranked the top skills based on the percentage of Information Security Analyst resumes they appeared on. For example, 8.2% of Information Security Analyst resumes contained Ensure Compliance as a skill. Let's find out what skills an Information Security Analyst actually needs in order to be successful in the workplace.

The six most common skills found on Information Security Analyst resumes in 2020. Read below to see the full list.

1. Ensure Compliance

high Demand
Here's how Ensure Compliance is used in Information Security Analyst jobs:
  • Designed security education and awareness programs, and carried out inspections to ensure compliance with government directives.
  • Published standard operating procedures for physical controls to ensure compliance with company and government regulations.
  • Developed and implemented information security policies, procedures, and monitoring to ensure compliance.
  • Reviewed security logs to ensure compliance with policies and procedures and identified potential anomalies.
  • Perform regularly scheduled software upgrades/updates to ensure compliance.
  • Reviewed backup, password, data and network access policies to ensure compliance to DHS 4300 Sensitive Systems Handbook guidelines.
  • Identified, developed, and implemented processes and procedures to ensure compliance to security and privacy policies.
  • Work with support and security coordination team to ensure compliance with security processes and controls.
  • Assess, Implement, and document security requirement to ensure compliance with Computer Network Directives.
  • Worked with Internal Audit team to ensure compliance with SOX404 and corporate security policy.
  • Conduct audits of all classified and unclassified IS to ensure compliance with established directives.
  • Monitor and report on software licensing requirements to ensure compliance on a monthly basis.
  • Conduct periodic reviews of IS to ensure compliance with the security authorization package.
  • Conduct periodic reviews and inspections to ensure compliance with established policies and procedures.
  • Prepare evaluations of software or hardware to ensure compliance with security policies.
  • Work across functions with IT stakeholders to ensure compliance with client requirements.
  • Created semi-annual self-audit process to ensure compliance with SOX and SAS70 requirements.
  • Examined and designed policies, procedures and practices to ensure compliance with industry standards, laws and regulations.
  • Generated security polices, standards and guidelines to ensure compliance and support concept of least privilege access.
  • Provided recommendations on business cases, action plans and deliverables to ensure compliance requirements were met.

Show More

2. Vulnerability Assessments

high Demand
Here's how Vulnerability Assessments is used in Information Security Analyst jobs:
  • Conduct network vulnerability assessments using tools to evaluate attack, identify system vulnerabilities and develop remediation plans and security procedures.
  • Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
  • Conducted risk and vulnerability assessments of IT systems, providing detailed risk mitigation recommendations.
  • Perform and create procedures for system security audits, penetration-tests, and vulnerability assessments.
  • Developed and maintained a program of regularly scheduled network vulnerability assessments and reports.
  • Preformed Vulnerability Assessments and ethical hacking by utilizing automated tools and manual techniques.
  • Perform network, host, and application vulnerability assessments and security testing.
  • Prepared and ran vulnerability assessments on both unclassified and classified networks.
  • Perform and create procedures for application security testing and vulnerability assessments.
  • Performed on-site vulnerability assessments using automated testing tools and scripts.
  • Conducted vulnerability assessments and mapped composition of remote target networks.
  • Lead for JCATS security simulations for Vulnerability Assessments.
  • Provide initial and ongoing organization-wide Risk/Vulnerability Assessments.
  • Conduct vulnerability assessments using McAfee Vulnerability Manager.
  • Performed over 200 white-box vulnerability assessments and penetration tests (Web & Server).
  • Conducted vulnerability assessments and initiated remediation processes through system changes, patch deployments and network reconfigurations or other corrective actions.
  • Performed Vulnerability Assessments through ISS Vulnerability Scanner and assisted site in remediation of un-patched and vulnerable machines.
  • Performed network and host based vulnerability assessments using Nessus.
  • Hired to improve Vulnerability Assessments as a part of the IT Compliance Audits.
  • Conducted quarterly vulnerability assessments with bi-yearly penetration testing via Metasploit/Kali Linux and Nessus.

Show More

3. Information Technology

high Demand
Here's how Information Technology is used in Information Security Analyst jobs:
  • Implemented end user security awareness training programs, testing the knowledge of security compliance in relation to areas of information technology.
  • Established and managed an enterprise-wide information technology programs which ensured securing member information against both internal and external data loss.
  • Provide consultation on information security consideration during planning, development, and implementation of utility sector information technology solutions.
  • Assisted the Management Information Systems department with security certification of Information Technology system / network by the DoD.
  • Use encryption technology, penetration, and vulnerability analysis of various security technologies and information technology research.
  • Investigate information technology incidents, activate incident response measures, and provide reports and recommendations to leadership
  • Have carried out the internal audits and external regulatory carried out to information technology.
  • Conducted numerous information technology security risk assessments for U.S. Customs and Border Protection.
  • Authored three new Department Information Technology policies to close gaps in Security documentation.
  • Develop Security checklists for Information Technology Solutions based on Industry Best Practices.
  • Researched, reviewed, and updated corporate information technology policies.
  • Provide Certification & Accreditation for Information Technology solutions.
  • Reviewed and re-wrote four Department Information Technology policies.
  • Led and improved business continuity process and procedures for Information Technology (IT).
  • Performed duties related to information technology policy, compliance, and governance.
  • Researched the latest Information Technology (IT) security trends.
  • Contract Position: Federal Reserve Information Technology - Dallas TX.
  • Coordinate the creation and enforcement of enterprise level security and information technology policy.
  • Support the integration of the IT Risk Management practices into key Information Technology and business areas.
  • Provided support to the Humana Information Technology Helpdesk regarding HMHS systems issues.

Show More

4. Risk Assessments

high Demand
Here's how Risk Assessments is used in Information Security Analyst jobs:
  • Lead periodic Information Security Risk Assessments to ensure establishment, implementation and compliance of security policies, standards and procedures.
  • Conducted risk assessments for various assigned application system and produced assessment reports, recommendations, and conducted out-briefings.
  • Perform internal controls and information security risk assessments to identify inherent risk and evaluate key mitigating controls.
  • Participated in risk assessments to periodically re-evaluate sensitivity of the system, risks, and mitigation strategies.
  • Conduct risk assessments and security tests or evaluations to determine security program effectiveness and identify vulnerabilities.
  • Conduct risk assessments of information technology business processes and identify areas that require additional controls.
  • Performed Information Security Risk Assessments including penetration tests, application & vulnerability assessment scans.
  • Coordinated external audit and performed risk assessments on clinical and business systems and processes.
  • Establish security baselines and risk assessments.
  • Track remediation progress for all identified compliance violations, observations and threats identified by risk assessments and audits.
  • Performed risk assessments and penetration tests for new systems/software brought into the enterprise through the corporate architecture program.
  • Performed risk assessments/audits on a regular basis to ensure enterprise polices are being adhered to.
  • Perform system and software risk assessments using automated tools and open source research.
  • Conducted and managed Risk Assessments on over 500 of the bank's applications.
  • Performed risk assessments to help create optimal prevention and management plans.
  • Perform GLBA Risk Assessments on various internal applications.
  • Performed Risk Assessments and Audits.
  • Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
  • Established IT governance practices, performed security risk assessments, and compliance evaluations for a PAAS Cloud framework system.
  • Performed Risk Assessments to identify the potensional risks and ensure effectiveness of IT controls.

Show More

5. Information Security Policies

high Demand
Here's how Information Security Policies is used in Information Security Analyst jobs:
  • Developed enterprise information security policies, procedures and compliance guidelines for clients resulting in enhanced security for customer data.
  • Reviewed, updated, and maintained all IT and Information Security policies to comply with financial institution regulatory requirements.
  • Coordinated implementation of information security policies by collaborating directly with customers, development teams and operations/maintenance teams.
  • Provided oversight and governance to internal organizations to ensure systems abide by enterprise information security policies.
  • Monitored compliance with information security policies and procedures and referred any issues to the appropriate manager.
  • Researched information security policies based on risk-mitigating technical solutions in order to develop System Impact Assessments.
  • Identify tools and technologies available/not available to enhance effectiveness of Information Security policies and standards.
  • Conducted department and off-site site visits to ensure existing information security policies are followed.
  • Provide significant input into the development and execution of information security policies and guidelines.
  • Work closely with finance and other corporate stakeholders to develop information security policies.
  • Conducted research of industry best practices and assisted in updating information security policies.
  • Maintain and communicate Information security policies and standards throughout the company.
  • Created Corporate and Enterprise Information Security policies.
  • Develop new Information Security policies and procedures to comply with ISMS framework.
  • Designed Information Security Policies and Procedures based on ISO 27001:2013 templates.
  • GAP analysis on information security policies, procedures, and standards.
  • Implement ISO 27001 compliant information security policies, controls and processes.
  • Developed and published information security policies, standards and guidelines based on knowledge of best practices and compliance requirements.
  • Develop matrix and reporting to assess the success of information security policies and operations.
  • Coordinate efforts with Inspector General (OIG), A-123 auditors Evaluated information security policies, procedures, and processes.

Show More

Job type you want
Full Time
Part Time
Internship
Temporary

6. System Security Plan

high Demand
Here's how System Security Plan is used in Information Security Analyst jobs:
  • Reviewed and critiqued system security plans, network diagrams, and other security documentation as part of vulnerability assessment engagements.
  • Validated information system Security plans to ensure NIST control requirements are met.
  • Prepared system security plans to begin the accreditation process.
  • Categorized information systems and developed System security plan for them based on NIST SP 800-60 and NIST SP 800-18.
  • Assisted in the development and maintenance of system security plans and contingency plans for all systems under their responsibility.
  • Develop and Review System Security Plans (SSP) interfacing with system owners and engineers and system administrators.
  • Generate, review and update System Security Plans (SSP) against NIST 800-18 and NIST 800-53requirements.
  • Reviewed System Security Plan(s) and other previous OIG C&A documentation.
  • Assisted in the development and maintenance of system security plans and contingency plans.
  • Develop System Security Plan (SSP) for classified systems under ICD 503.
  • Participated in the development and/or review of System Security Plans (SSP).
  • Created and updated the System Security Plan and conducted an annual self-assessment.
  • Maintained and managed various System Security Plans (SSP's).
  • Developed System Security Plans, Profiles, and Certification Reports.
  • Develop and maintain a System Security Plan (SSP).
  • Prepared and/or Updated System Security Plan (SSP).
  • Review and update system security plans.
  • Applied the NIST 800-18 to write a System Security Plan (SSP) for the OIG General Support System.
  • Maintain and update MSHA's System Security Plan, Incident Response Plan, Configuration Management and Contigency Plans.
  • Completed System Security Plan for General Support Systems (GSSs).

Show More

7. Active Directory

high Demand
Here's how Active Directory is used in Information Security Analyst jobs:
  • Managed Active Directory and performed quarterly audits.
  • Created and maintained active directory group policy.
  • Completed full audit for all Active Directory, internal IT security unit staff privileges, AIX, and HP-UX UNIX systems.
  • Account Activity- Review Active Directory, internal app and DB accounts to remove unused or stale accounts (inactive).
  • Maintained accounts in Active Directory to migrate users from the Anthem root legacy servers to the new US Domain.
  • Managed and administered access on a variety of platforms, Active Directory, SQL, Mainframe etc.
  • Assist in Network Administration (Active Directory and AS400); Setup and maintained Firewall.
  • Audit Applications with MS Active Directory or LDAP on Linux for Access permissions.
  • Experience and knowledge of Active Directory Rights Management AD RMS/Information Rights Management IRM.
  • Designed and implemented Voice Infrastructure for over 300 local users with active directory.
  • Experience and knowledge of Active Directory Federation Services ADFS and LDAP.
  • Performed the duties assigned to the Active Directory Account Administration Team.
  • Support Microsoft Active Directory 2003 & Exchange 2007 domain environment.
  • Implemented firewall exceptions for Active Directory hub sites.
  • Lead Active Directory Administrator for MetLife TRICARE SBU.
  • Added users and computers to Active Directory Domain.
  • Created and supported over 100 Active Directory accounts.
  • Attended daily Qualification meetings for new business and re-cost of Midrange Security, DSS and Active Directory business.
  • Worked on various platforms such as RACF, Active Directory, Vintella, Oracle, PeopleSoft.
  • Research and remediate any user account login issues including Active Directory, internal apps and remote access.

Show More

8. Incident Response

high Demand
Here's how Incident Response is used in Information Security Analyst jobs:
  • Monitored internal security controls to determine malicious or unauthorized activity from security devices and coordinated the response to Incident Response Teams.
  • Team leader in developing corporate security policies, practices, reporting/monitoring, and incident response protocols.
  • Resolved all fraud and virus infections in coordination with computer security incident response teams.
  • Minimized risk by monitoring and responding to threats/vulnerabilities and provided incident response services.
  • Performed incident response for data ex-filtration and virus incidents.
  • Led the Incident Response Committee which created, edited, reviewed, updated, and tested the incident response plan.
  • Ensured SOX compliance, created Incident Response program and policy based on NIST 80061, wrote Information Security Policy.
  • Experience with IT security domains such as Authentication, Audit Controls, Compliance, Forensics and Incident Response.
  • Escalated issues to manager, third party vendors and internal Incident Response (IR) team as appropriate.
  • Worked with System Owners to develop, provide training, and perform periodic testing of incident response plans.
  • Developed the base user incident response guide; refining the local incident response procedures.
  • Support and implement incident response handling (IRH) and remediation incidents.
  • Performed all aspects of proactive and reactive IT Security Incident Response.
  • Served as point of contact for managing security incident response.
  • Managed the UF incident response and vulnerability scanning systems.
  • Created and leads organization's Incident Response Team.
  • Assisted in incident response and recommend corrective actions.
  • Expedite remediation and incident response times.
  • Participate in the development and maintenance of the IT security Incident Response Plan.
  • Architected and implemented Archer eGRC solution to provide customized incident response procedures around lost/stolen laptops and smart phones.

Show More

9. Nist Security Policies

high Demand

10. Data Loss

high Demand
Here's how Data Loss is used in Information Security Analyst jobs:
  • Developed end user education materials for Data Loss Prevention Program.
  • Created Data Loss Prevention program reducing the opportunity for company data to leave company networks/devices without a record of its leaving.
  • Assist in the DLP(Data Loss Prevention) Project ensuring file shares were in line with corporate standards.
  • Assist senior managers with Data loss Prevention (DPL) for data in transit and data at rest.
  • Monitor for trends and patterns of data loss for intellectual property via outbound network traffic and removable media.
  • Improved the existing Data Loss Prevention implementation by making the process more automated when adding users or groups.
  • Work with Business Units on data classification, retention, and deletion requirements, data loss prevention.
  • Conferred with various levels of management to discuss the risks of data loss or disclosure.
  • Ensured clean desk policy was maintained in a sensitive environment to reduce data loss.
  • Provide compliance and operational security strategies to prevent data loss or theft.
  • Provided training to address data loss prevention (DLP) Privacy incidents.
  • Manage data loss prevention (DLP) rules for the email system.
  • Implemented hard drive encryption on all end points for data loss prevention.
  • Provided ownership of data loss prevention, utilizing Enterprise Recon as well as Trustwave DLP and other software.
  • Increase the accuracy and effectiveness of data loss prevention (DLP) solutions with Titus data classification.
  • Architected, designed and implemented Data Loss Prevention program utilizing various in-house written tool sets.
  • Administered and did incident response for Symantec Data Loss Prevention and Data Insight.
  • Monitor for PHI, PCI and PII Data Loss using Symantec DLP solution.
  • Implemented and maintain RSA Data Loss Prevention Datacenter globally to locate and remediate found credit cardholder data and personal identifiable information.
  • Reduced data loss through monitoring, workflow, and case management utilizing Vericept software.

Show More

11. Assurance

high Demand
Here's how Assurance is used in Information Security Analyst jobs:
  • Developed Board information assurance/security training.
  • Provided all necessary technical computer security support and information assurance services to ensure the quality and timeliness for various government agencies.
  • Implemented quality assurance program that included independent surveillance and evaluation of all networks and operational procedures.
  • Manage production scan processes to perform quality assurance on data integrity.
  • Updated quality assurance/evaluation reports and missing documentation for security controls.
  • Conducted assurance reviews on vendors of financial institutions.
  • Assisted in collecting data for trends and analysis on discrepancies to improve the Air Force and the Information Assurance Assessment Program.
  • Provide Information Assurance (IA) support for the Global NetOps Support Center (GNSC) Net Defense Team.
  • Conducted IAAP (Information Assurance Assessment Program) Inspections Air Force wide to identify security discrepancies and vulnerabilities.
  • Served as Information Assurance Functional Analyst at the DoD Information Assurance Support Environment (IASE) at DISA.
  • Provided Information Assurance Guidance for the Services Oriented Architecture (SOA) Initial Infrastructure Build (IIB).
  • Mass re-image/upgrade systems of returning Army units to stateside IA (Information Assurance) standards.
  • Audit systems in accordance with company established Information Assurance Standard Operating Procedures (IASOP).
  • Supported integration of the Information Assurance - Watch Team (IA-WT).
  • Partnered with Quality Assurance to maintain metrics and achieve corporate standards.
  • Provide IA support to customers addressing their information assurance issues.
  • Perform a technical quality assurance review on all DIACAP packages.
  • Provide information assurance guidance and oversight for AIS.
  • Defined developmental requirements with program manager; ensured tool integration with existing Network Assurance procedures.
  • Review, implement and report applicable Information Assurance Vulnerability Management (IAVM) and Operational Directives (OPDIRs).

Show More

12. Disa

high Demand
Here's how Disa is used in Information Security Analyst jobs:
  • Worked with Disaster Recovery coordinator to ensure successful disaster recovery planning and recovery procedures were implemented.
  • Developed Sparrow's Disaster Recovery/Business Continuity Plan, activated twice with zero data loss.
  • Update and review disaster recovery and business continuity plan.
  • Stored and rotated most recent weekly backups in a secure facility on base in the event that disaster recovery was required.
  • Validated DISA security compliance on 57 Servers/ 2 enclaves, secured 34 TB s of missions critical data.
  • Supported ongoing Disaster Recovery and Business Continuity exercises from security standpoint, as well as from DR/BC prospective.
  • Analyzed and standardized Disaster Recovery Plan (based on Sarbanes-Oxley Act) documentation for all 14 technical systems
  • Managed projects for multiple system merges, migrations, Disaster Recovery drills and installations.
  • Maintained DISA Vulnerability Management System (VMS) database plus four remote sites.
  • Disabled old accounts and verified new account access as well as drive mappings.
  • Assist in developing and maintaining a Disaster Backup and Recovery Plan.
  • Track and write DISA Circuit packages for NGA system connections.
  • Project lead for our disaster recovery testing for 7 years.
  • Supported the Disabled Anthem root Migration Team.
  • Assisted in IT Disaster Recovery planning.
  • Participated in several disaster recovery exercises while working with management level users to identify problems resulting from executing pre-defined scripts.
  • Maintain Disaster Recovery, Emergency plan documentation Reporting and Quality Control Functional Lead.
  • Served as Primary IS Specialist "on call to implement" Disaster Recovery/Business Continuity procedures.
  • Conducted monthly and weekly audits using to ensure Terminated employees Account access were disable from all High Level Applications.
  • Analyzed intrusion logs and system processes across DISA's sensor grid for reportable incidents or events.

Show More

13. Firewall

high Demand
Here's how Firewall is used in Information Security Analyst jobs:
  • Assisted with configuration of university firewall technology and made recommendations for ongoing network and application operating system security.
  • Input security scripts into Cisco routing devices and firewall devices per Security Engineer instructed.
  • Managed creation/deletion/modification of firewall requests across campus, including vendors.
  • Administer and maintain the AlgoSec Firewall Analyzer software application.
  • Escalated all firewall production outages to management.
  • Lead Check Point Firewall implementation project to install, configure and deploy over 80 firewalls throughout the City of Tampa.
  • Presented security options to support DNS, firewall, modernization of firewalls, and inbound e-mail security and robustness.
  • Ensured security policies were applied and maintained for network devices, remote access devices, firewalls, and servers
  • Demonstrated experience working with multiple operating systems and TCP/IP, network protocols, firewall theory and packet analysis.
  • Performed 1st level firewall trouble shooting for user reported problems.
  • Managed the Firewall rules, addresses, services and NAT.
  • Assist in the approval/denial process of firewall rules based on review of the request and results of Qualys Vulnerability Reports
  • Computed and encrypted data, installed firewalls, viruses and malwares software to protect internal data.
  • Implemented a syslog server for firewall and ERP (AIX) system logging and auditing.
  • Assisted in the migration of Juniper to Palo Alto Firewalls on all RGA regions.
  • Maintain Cisco [ ] switches, chassis, routers, and firewalls.
  • Configured and Installed new Checkpoint firewalls utilizing IPv4 protocol and IP subnetting.
  • Configured antivirus programs, proxies and firewalls.
  • Administer Check Point and Netscreen firewalls.
  • Implemented and maintained Juniper and Palo Alto Firewalls to mitigate DoS, DDoS and Botnet attacks.

Show More

14. Security Assessment

high Demand
Here's how Security Assessment is used in Information Security Analyst jobs:
  • Identified and drove remediation of deficiencies discovered from security assessments performed on operating systems and applications.
  • Provide assistance with vendor risk assessment process and security assessment questionnaire.
  • Gathered Security Assessment and Remediation information for regulatory and external audits.
  • Support security assessments and development of Security Certification Authorization Packages.
  • Conducted physical security assessments and reported gaps to management.
  • Performed security assessments against live computer systems and networks.
  • Conduct independent security assessments of information systems.
  • Develop Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate and high control information systems.
  • Develop and/or review policies, procedures, and incidents reports, IT Controls, Risk Assessments and Security Assessment.
  • Possess good knowledge of OWASP top 10, SANS (CWE) Top 25 to perform application security assessments.
  • Assisted in the development and modification of procedures and processes for ETRM Security Assessment & Remediation Management.
  • Reviewed contracts, third party security assessments, and requests for proposals to maintain legal compliance.
  • Supported security assessment reports, plans of action and milestones through data trending metrics.
  • Designed security assessments and engagements around the OWASP top 10 security threats.
  • Conduct System Security assessment to support SBA CAFS Services.
  • Generate Security Assessment Reports (SAR).
  • Lead vulnerability management and event monitoring process Conduct security assessments on all applications, infrastructure, and vendors
  • Coordinate annual security assessments: ISO based off of 27002 framework, external penetration testing and internal penetration testing.
  • Performed security assessments on new products and relationships for both IT security as well as other business areas.
  • Perform ongoing information security assessments - Novell (NetWare), and on HP NonStop Guardian, SafeGuard).

Show More

15. Security Awareness

average Demand
Here's how Security Awareness is used in Information Security Analyst jobs:
  • Participated in supporting security awareness initiatives.
  • Deliver Information Security Awareness training to new hires and organizing the annual Security Awareness Fair.
  • Mentored and evaluated operational compliance personnel to promote security awareness, business knowledge and professionalism.
  • Educated user community on security awareness and the importance of compliance with guidelines.
  • Delivered monthly information security awareness and education briefings to new personnel.
  • Developed policies and procedures and contributed to Information Security Awareness Program.
  • Developed security awareness training for Newport News Shipbuilding employees.
  • Implemented the corporate information security awareness online training.
  • Develop curricula and facilitate security awareness training.
  • Planned and coordinated annual Security Awareness fairs.
  • Implemented user security awareness program.
  • Develop IS security awareness training.
  • Developed and implemented Corporate Wide Security Awareness and Education Program for all 250 employees including 10 managers, and 5 executives.
  • Attend security awareness and relevant training programs and enlightened clients on best practices obtained in the industry.
  • Prepared and designed training manuals to increase security awareness among the employees of the organization.
  • Performed corporate brown bag security awareness sessions on Mobile Security and Bring Your Own Device.
  • Developed and published security awareness newsletters for end-users and extranet clients.
  • Ally Bank) and Residential Information Security Awareness Training; wrote and maintained training via CBT.
  • Conducted New Hire Security Awareness Training for all new hires at Akamai global wide.
  • Assisted in the development, management & maintenance of the Information Security Awareness Program.

Show More

16. Network Security

average Demand
Here's how Network Security is used in Information Security Analyst jobs:
  • Utilized hacking techniques and tools to test overall network security as well as event monitoring and alert correlation capabilities.
  • Directed bi-weekly internal network security scans and assessments to minimize and/or eliminate known vulnerabilities on 1,100 personal computers.
  • Conduct risk assessments and collaborate with clients to provide recommendations regarding critical infrastructure and network security operations enhancements.
  • Researched and evaluated network security products for recommended utilization and implementation within the International Paper global data network.
  • Involved in engineering, operations, alerting, report generation and deep network security analysis.
  • Performed security investigations in response to network security incidents.
  • Managed user access to the devices on our backbone, conducting regular audits complying with our Network Security Agreement.
  • Experience with auditing processes, including Network Security, SDLC/Change Management, and IT related functions.
  • Supported AFSPC NOSC performing network security assessments, network operations, and technical support.
  • Implement, monitor and maintain network security architecture including firewalls, VPN.
  • Conducted Network Security Systems survey, design, and installation efforts.
  • Assist with projects involving network security issues and requirements.
  • Utilized Remedy to track and resolve Network Security issues.
  • Developed and Implement Security procedures and guideline to enhance network security Planned and maintained network performance and security.
  • Presented security training and awareness briefings and answered questions about email/network security and malware prevention/mitigation.
  • Hired by Edfinancial to maintain network security appliances, conduct system and software risk assessments, and perform network vulnerability scans.
  • Analyzed enhancements to the network security systems and devices, including routers, switches, access points, firewalls and VPNs.
  • Developed and maintained network security architectures including site to site IPsec VPN, DMVPN as well as remote VPN connectivity.
  • Provided guidance to the IT Support and Network Administrator on network security systems.
  • Key Contributions: Evaluated system, and network security.

Show More

17. Unix

average Demand
Here's how Unix is used in Information Security Analyst jobs:
  • Converted 43 independent Unix NIS domains to a single sign on (SSO) system that authenticates using Active Directory.
  • Conducted security audits, weak password scans, critical patching, and waiver reviews for departmental Windows and Unix systems.
  • Provided customer focused support for 100,000 end-users on mainframe, Windows NT, and UNIX security databases.
  • Review and analyze logs (Windows, UNIX/Linux, Network appliances, Applications) for 700+ customers.
  • Provide Technical Writing of the policies, guidelines and procedures on Unix Security System Administration.
  • Maintain detailed knowledge of IT, RACF, Network and Unix system requirements and procedures.
  • Perform user account provisioning of various systems and applications hosted on Unix and Windows.
  • Developed UNIX scripts - For provisioning single and bulk users into LDAP and TAM.
  • Designed security guidelines for Windows servers, Unix servers and Cisco network devices.
  • Maintain legacy IP Filter firewalls that run on a mixture on Unix/Linux servers.
  • Installed/configured Smart UPS control features on all UNIX servers.
  • Coordinate & communicate with all our UNIX business partners.
  • Automated daily usage reports via Unix shell scripts.
  • Performed IT forensics investigation on Sun/Solaris and other Unix-based systems.
  • Applied Windows Active Directory process: Experienced Security Administrator in a UNIX and Windows environment.
  • Provide UNIX ID management within the UNIX environment for project and ad hoc requests.
  • Provisioned and de-provisioned UNIX access via BoKS Security Tools.
  • Provided quarterly audits of NT, Unix and Sybase/SCD.
  • Expirenced with Unix, Windows, Oracle, and SQL.
  • Developed and maintained Unix shell scripts and awk scripts to improve reliability and repeatability of work tasks.

Show More

18. Intrusion Detection

average Demand
Here's how Intrusion Detection is used in Information Security Analyst jobs:
  • Ensured security monitoring SOX Compliance as the Tripwire application administrator (Tripwire = Centralized Host Intrusion Detection/File Integrity Monitoring System).
  • Enhanced the wireless intrusion detection/prevention security systems and evaluated wireless systems compliance to strengthen wireless security posture.
  • Analyzed, installed and evaluated Intrusion Detection Technology for detecting host and network based intrusions.
  • Performed network and host-level intrusion detection, monitoring, analysis, correlation and reporting.
  • Leverage Tenable's Passive Vulnerability Scanner to provide real-time intrusion detection and intrusion prevention.
  • Performed detection and protection activities including real-time intrusion detection and firewall protection.
  • Monitored Intrusion Detection System and Logs and escalated security incident breaches.
  • Created and escalated incident tracking reports from intrusion detection related calls.
  • Developed standard security-related device configurations for the intrusion detection system.
  • Designed intrusion detection system and the logging and auditing capability.
  • Designed and implemented Intrusion Detection and Intrusion Prevention systems.
  • Managed an Intrusion Detection system (IDS) of the corporate headquarters and Distribution Center / Disaster Recovery sites.
  • Studied network traffic through the Intrusion Detection Devices in Immigration and Customs Enforcement Security Operations Center.
  • Provided real-time intrusion detection and firewall protection for all IT resources.
  • Managed the customers' intrusion detection systems.
  • Monitored the area wide intrusion detection system.
  • Create virtual environment (VMware Player) with Linux machines and Snort IDS to understand basic concepts of intrusion detection.
  • Work with IT team to implement security provisions such as biometrics, intrusion detection systems and hardened group policies.
  • Configured tcpdump filters and snort alerts for intrusion detection system e.g.
  • Monitored logs for failed logins and intrusion detection for domestic and international users.

Show More

19. PCI

average Demand
Here's how PCI is used in Information Security Analyst jobs:
  • Stay up to date with Federal and State regulations and privacy laws such as PCI-DSS, HIPAA, among others.
  • Assisted with IT governance and compliance related concerns, including PCI-DSS (submission of quarterly scan), and SOX.
  • Support external (PCI, ISO, FEEIC) control reviews, risk assessments, and reporting as required.
  • Serve as a resource for Payment Card Initiative (PCI) - Data Security Standard (DSS) compliance.
  • Implemented technical policies throughout the organization to align with compliance initiatives such as HIPAA, PCI and SOX.
  • Develop and test a suite of monthly, quarterly and annual PCI controls to ensure continuous compliance.
  • Prepared documentation for PCI DSS, SSAE 16, SOX, IRS and general controls audits.
  • Coordinate, assist and support the annual PCI certification processes ensuring on-time completion.
  • Bring university resources into FERPA, HIPAA, and PCI-DSS compliance.
  • Assure regulatory compliance stemming from FFEIC, PCI, GLBA, HIPAA, etc.
  • Performed various research on standards including PCI DSS 3.2, HIPAA, and FERPA.
  • Assisted with compliance in areas of HIPAA, SOX, and PCI.
  • Achieved SOX/PCI compliance, with (0) material findings.
  • Mentored by external information security professionals Performed onsite PCI DSS and SOX compliance assessments for European and Japan divisions.
  • Enforce DOD, NIST, PCI-DSS security policies in regards to computer usage and Personal Identifiable Information.
  • Perform annual PCI compliance reviews of third party physical sites of datacenter and storage facilities.
  • Perform gap analysis and prepare reports to ensure PCI compliance requirements are met.
  • Access to PCI audited DB2 tables, and Mainframe datasets.
  • Lead NIST 800-53 compliance audits Published monthly security awareness newsletters Audited Information Security's policy for PCI DSS and NIST 800-53 compliance
  • Audit Group 3 application audits PCI SOX Internal vulnerability scanning using QualysGuard Vulnerability Scanner via Dell SecureWorks.

Show More

20. Security Requirements

average Demand
Here's how Security Requirements is used in Information Security Analyst jobs:
  • Performed security risk assessments, developed security risk mitigation recommendations and defined security requirements for systems, applications and networks.
  • Review and define common criteria for security requirements to determine established compliance standards to Information Support Systems.
  • Research and recommend operational and security requirements for system software and hardware upgrades.
  • Establish security requirements for new systems under development as well as existing systems.
  • Assess, implement, and document security requirements for Federal information systems.
  • Monitor controls post authorization to ensure continuous compliance with the security requirements.
  • Participate in security requirements reviews with project manager and application architects.
  • Monitor controls post-authorization to ensure continuous compliance with security requirements.
  • Detailed understanding of DoD and national intelligence agency security requirements.
  • Defined security requirements to support the business and technical requirements.
  • Executed periodical audit of the resource access to ensure the information systems and processes are in compliance with SOX security requirements.
  • Ensured system security requirements were achieved and provided security C&A packages for Designated Approval Authority (DAA) signature.
  • Assessed Security Requirements for the Preparation of Contract Statements of Work, Performance Work Statements, and DD Form 254.
  • Created and tracked POA&M and monitored controls post authorization to ensure compliance with FISMA-based security requirements.
  • Reviewed system security requirements and ensured compliance with DoD, Air Force, NISP, and FISMA directives.
  • Conducted site visits with subcontractors to ensure that they are following security requirements set under DoD contract.
  • Carried continuous monitoring after authorization (ATO) to ensure continuous compliance with the security requirements.
  • Confirm system security requirements are addressed during all phases of the system life cycle.
  • Assess, implement, and document security requirements.
  • Implemented information security requirements for IT systems throughout their life cycle from the requirements definition phase through disposal.

Show More

21. DOD

average Demand
Here's how DOD is used in Information Security Analyst jobs:
  • Showcased high levels of security during DoD sponsored vulnerability audit proving strong network protection.
  • Provided privileged and general user training for DoD Information System users.
  • Developed log requirements based on DOD regulation.
  • Ensured DoD Information Systems were in compliance with their applicable C&A documentation as well as local policies and procedures.
  • Supported the vulnerability analysis for Trouble Management System (TMS) Database (provides accurate reference shared by the IA-WT/DOD-CERT).
  • Request and maintain DoD Certification Accreditation Support Tool (MCCAST) account and ensure all documentation is uploaded and up-to-date.
  • Reviewed policies and other documentation to determine their accuracy and c completeness based on DoD and FISMA best practices.
  • Team Trainer for all new hires due to my extensive knowledge of DoD and USAF security principles and policies.
  • Used the DOD Information Technology Security Certification and Accreditation (C&A) Process (DIACAP).
  • Obtained and installed DOD PKI certificates for all unclassified Unix Apache and Netscape web servers.
  • Respond to after-hours alarms for SAP and DoD classified storage closed / open areas.
  • Provided excellent customer service and technical support to DOD & GSA digital certificate subscribers.
  • Identify controls to ensure that they are aligned with DoD 8500-2 IA Controls Guidance.
  • Registered all U.S. Army related servers with DOD component IA program.
  • Perform HUNT operations within DoD guidance and direction.
  • Monitor network traffic using DoD protocols.
  • Ensured the CIA of DoD IT resources.
  • Interacted with all the services' and the DOD CIRTs to provide solutions for field users.
  • Analyzed information security systems; created security deliverables following DOD 8500 and AR-25.
  • Conducted security audits ensuring compliance with STIGs and DoD standard security practices.

Show More

22. Cyber

average Demand
Here's how Cyber is used in Information Security Analyst jobs:
  • Provided advice and recommendations to management on protections against threats to cyberspace and communications infrastructures, based on assessments and analyses.
  • Provided SOC operations data to CYBER FORENSICS of the bank for critical issues.
  • Prepare and present quarterly cyber security updates for the Information Security Committee.
  • Assisted with email discovery for the cyber investigation unit during incident response.
  • Plan, prevent, minimize or recover quickly from cyber-attacks and other serious events and to ensure compliance with regulatory requirements.
  • Served as a back up to DNS Systems Administrator at the Cyber Asset Reduction Security Center, Pearl Harbor Hawaii.
  • Attend weekly meetings and provided feedback relating to topics within Cybersecurity policy and compliance to within the HIT directorate.
  • Lead and prepared the site for the DISA Command Cyber Readiness Inspection (CCRI) under DSS oversight.
  • Build and maintain servers and applications that provide critical tools and services used by Cyber Defense Center team.
  • Reviewed daily IT security, cyber threat/crime reports and remained abreast of current security news.
  • Decreased threat presence by 70% using threat and cyber intelligence security measures.
  • Develop and conduct on site Cyber Security Awareness training for all new employees
  • Collaborated with the Cyber Intelligence team to complete daily threat reports.
  • Assisted SPAWAR in developing Cyber Security procedures for the DMS system.
  • Assisted in Cyber Awareness training for a student body of 21,000.
  • Supported Checkpoint, Cyberguard, and PIX firewalls.
  • Project lead for the corporate annual cyber security awareness program in coordination with National Annual Cyber Security Awareness Month.
  • provided Cybersecurity services to fictional client hospital to protect both patient and financial information and databases.
  • Maintained Information Security Policy and Procedures for Loyola Marymount University Cyber Security Program.
  • Provided support and response to Subpoenas and criminal investigations regarding cyber fraud and abuse over Akamai's CDN.

Show More

23. SOX

average Demand
Here's how SOX is used in Information Security Analyst jobs:
  • Provided requested documentation for related SOX internal and external audits.
  • Developed security policy and procedures covering new and existing technology in the enterprise to meet compliance standards with HIPAA and SOX.
  • Oversee and provide data for multiple audits to include SOX, SAS70, Internal, and Customer audits.
  • Planned meetings with internal audit for controls testing, and verify IT security controls for PCI/SOX compliance.
  • Work with Audit to provide data/answers for Audit and Review of SOX (Sarbanes-Oxley) compliance.
  • Enhanced SOX audit ability by instituting policies / design for 60,000 person Lotus Notes environment.
  • Coordinated with SOX compliance officer to develop procedures to monitor and log all audited controls.
  • Monitored email and HPSM ticket queues, researched and updated accounts ensuring SOX compliance.
  • Reviewed any new resource created to determine if the SOX designation was attributable.
  • Completed SOX and Entitlement reviews, and document preparedness for ISO 9000 certification.
  • Coordinated tasks to align with SOX audit controls including Section 404 audits.
  • Served as a SOX and HIPAA Readiness Reviews and Solutions SME.
  • Generated RACF SOX audit reports, queries and spreadsheets.
  • Provide updates and recommendations in compliance with SOX.
  • Provided audit reporting for SOX audit and compliance.
  • Handled SOX process and audit support activities.
  • Developed, designed and implemented management reports to ensure proper review of SOX resources.
  • Conduct interviews, walkthroughs, and SOX testing.
  • Compile SOX (Sarbanes Oxley) metrics for compliance audits - SAS70 and ISO27001.
  • Support Sarbanes Oxley (SOX) Audit.

Show More

24. Nessus

average Demand
Here's how Nessus is used in Information Security Analyst jobs:
  • Network scanning using ISS and NESSUS.
  • Scan desktops and servers using Nessus Tenable to identify security risk and follow recommendations to install patches and correct critical vulnerabilities.
  • Assist in performing security scan on system using vulnerability scanning tools using Tenable Nessus.
  • Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using Nessus.
  • Provide monthly Nessus vulnerability scans to support continuous monitoring strategies developed by SEC.
  • Lead technician for Department of Corrections Nessus implementation.
  • Conducted vulnerability testing using tools like: Nessus, Burp Suite, Retina and Web Inspect, and analyzed scan reports.
  • Conducted Network and Application Vulnerability Assessment (NVA & OASA), using NMAP, Nessus, NetSparker, and AppDetectivePro.
  • Perform vulnerability and baseline scans on the client network using Retina Network Security Scanner (RNSS) and Nessus.
  • Performed vulnerability and baseline scans on the client network using Nessus and port scanning with NMAP.
  • Performed vulnerability scans on the client network using Tenable Security Center (Nessus).
  • Monitor and analyze results from vulnerability scans by Sunera and Nessus within the enterprise environment.
  • Designed and implemented the hospitals vulnerability scanning program using Tenable Security Center and Nessus.
  • Created custom reports in Nessus Security Center and Nexpose vulnerability assessment tools.
  • Perform Vulnerability Scan on required systems using Nessus, Burp Suite and Retina, and also analyse Vulnerability scan reports.
  • Developed and Maintained Hardening standards documents and audit/hardening scripts in Bash, Korn, and Nessus XML.
  • Perform vulnerability scans with MVM (Foundstone) and Nessus.
  • Utilized Nessus Security Center and Nexpose to conduct vulnerability and compliance scans on different subnet of the FHFA network.
  • Performed vulnerability scans of servers with Acunetix, Nessus, and Qualys and developed remediation action plans.
  • Utilize the following vulnerability assessment tools: Nessus, NMap, and Acunetix.

Show More

25. Fisma

average Demand
Here's how Fisma is used in Information Security Analyst jobs:
  • Coordinated compliance activities of diverse information security departments to support the FISMA impacted environments.
  • Utilized the automated SA&A tool, Trusted Agent FISMA (TAF), for tracking documentation.
  • Provide FISMA support to the Marine Corps Projects under PMO MC3 at SPAWAR Systems Center Atlantic.
  • Conducted privacy impact assessments, system of record notices in order to comply with FISMA regulations.
  • Performed Federal Information Security Management Act (FISMA) audit reviews using NIST 800-37 rev 1.
  • Monitored organization information systems following FISMA compliance and NIST based standards and best practices.
  • Performed Federal Information Security Management Act (FISMA) assessments on programs within NWS.
  • Provide documentation of processes and procedures to ensure FISMA compliance and audit evidence.
  • Perform security assessments using federal standards under NIST, OMB and FISMA.
  • Provide continuous monitoring support for control systems in accordance to FISMA guidelines.
  • Perform annual security control assessment of information system to ensure FISMA compliance.
  • Assisted customer in meeting the 2002 GISRA (FISMA) reporting requirements.
  • Trusted Agent FISMA (TAF) coordinator, assessing NIST documents.
  • Perform internal Security Assessment based on NIST and FISMA guidelines.
  • Perform FISMA compliance activities for numerous platforms and information systems.
  • Perform internal and external security control assessments utilizing Trusted Agent FISMA (TAF) to record assessments data.
  • Perform FISMA audit reviews to maintain on-going Authorization to Operate (ATO) of the system.
  • Provided auditable evaluation documentation in the form of reports and checklist for FISMA requirements.
  • Coordinated scans with ISSOs and Security Engineers as requested for FISMA compliance.
  • Provide program support for Health Resource Service Administration (HRSA)'s FISMA Continuous Monitoring initiative and SA&A process..

Show More

26. POA

average Demand
Here's how POA is used in Information Security Analyst jobs:
  • Assisted Team Leads and engineers with creating, validating and tracking Plan of Action and Milestones (POA&M).
  • Put together Authorization Packages (SSP, POA&M and SAR) for Information systems to the Authorization Officer.
  • Generate POA&M findings for the non-compliant settings and security deficiencies and provide a recommended remediation for each deficiency.
  • Developed Plan of Action and Milestone (POA&M) to ensure that adequate controls are implemented.
  • Developed solutions to security weaknesses while working on POAM remediation and Corrective Action Plan (CAP).
  • Created POA&M items for security team and verified completion of existing POA&M items.
  • Develop and update Security Plan, Plan of Action and Milestones (POA&M).
  • Developed action and mitigation plans with POA&M to the customers on weekly meetings.
  • Evaluate and manage POA&M for Information Systems and develop remediation plans with stakeholders.
  • Corresponded with the Information System Owners of POAM regarding the mitigation and remediation status.
  • Develop action item list and POA&M to support the remediation process.
  • Develop and maintain POA&M for all accepted risks.
  • Prepared POA&M's according to DIACAP guidelines.
  • Created Security authorization package (SSP, SAP, SAR and POA&M).
  • Created Plans of Action and Milestones (POAM) in CSAMS.
  • Maintained Plans of Actions and Milestones (POA&Ms) and provided timely updates on their status.
  • Created and maintained Plan of Actions and Milestones (POAMs) items for the Engineering Directorate.
  • Monitored and tracked Plans of Action and Milestones (POA&Ms).
  • Provided reports and created POA&Ms for open vulnerabilities.
  • Develop POA&M through Vulnerator.

Show More

27. Security Incidents

average Demand
Here's how Security Incidents is used in Information Security Analyst jobs:
  • Responded to security incidents and conducted investigations and forensics to ensure that data systems and confidential data were not breached.
  • Monitored and coordinated resolution of security incidents submitted from third party Security Operations Center (Dell SecureWork's).
  • Developed intrusion analysis techniques and countermeasures based upon security intelligence data and drafted the security incidents reports.
  • Responded to IT security incidents directing inquiries, reporting incidents, implementing corrective actions and attending briefings.
  • Monitor and report security incidents, vulnerabilities and administer a diverse suite of information security countermeasures.
  • Investigated and recommended appropriate corrective actions for security incidents, network anomalies and intrusion attempts.
  • Conduct comprehensive investigation of computer security incidents, coordinating with other organizations for expertise.
  • Analyze, escalate, and assist in remediation of critical information security incidents.
  • Coordinated responses to information security incidents after collaboration with Security Manager and Director.
  • Assisted in reporting and escalating suspected security incidents to the appropriate entities.
  • Facilitated direct support of computer security incidents affecting the DOD.
  • Review response actions to security incidents.
  • Implement security controls, perform ongoing maintenance and prevent, detect, analyze, and respond to security incidents.
  • Identified security incidents, provided supporting information to clients, and supported the client through containment and remediation.
  • Investigated security incidents using all available tools, logs, and coordination with various IT groups.
  • Provided detailed malware analysis reports to upper management of all incidents to include computer security incidents internally and externally.
  • Prepared detail practices and procedures on technical processes * Analyzed security incidents and presented a quarterly report.
  • Performed administration of IT security compliances within organization as member of security incidents response team (SIRT).
  • Escalate Non Conformities, exceptions and security incidents.
  • Lead and Managed Global Security Incidents (SIM) Provided training to Product heads and onboarded new employees on SIM process.

Show More

28. Mainframe

average Demand
Here's how Mainframe is used in Information Security Analyst jobs:
  • Centralized administration for Information Security support, problem analysis & resolution to all Mainframe security access request for applications.
  • Provide centralized computer security administrative support for all sites centrally managed mainframe computer security systems within assigned data center.
  • Developed and implemented mainframe monitoring standards and procedures for the Analysis and Investigation group.
  • Monitor and recommend security enhancements to applications, IDS, IPS, HIDS, WAF, Mainframe, etc.
  • Served as Lead Information Security Specialist on daily, weekly, monthly and yearly mainframe monitoring controls.
  • Distributed mainframe access request to analysts for processing via OARS (Online Automated Request System).
  • Retail & General Mainframe support on TSO, WSAT and Hogan applications for financial centers.
  • Trained new hires in areas of mainframe monitoring, reporting and security software tools.
  • Served as Level 2 Lead for mainframe escalation and resolution for access violations.
  • Complied with corporate procedures and policies for mainframe applications and user issues.
  • Coordinated mainframe privileges for Senate employees and access for vendor maintenance.
  • Conduct research and provided solutions to end-user connectivity to the mainframe.
  • Supported Mainframe legacy applications and systems via RACF and VRA.
  • Project leader to install vendor applications on the mainframe.
  • Maintained mainframe system connections for Bank of America associates.
  • Conducted the mainframe security conversion CA/TopSecret to IBM/RACF.
  • Revised and implemented baseline Technical Security Requirement (TSRs) for the mainframe platform.
  • Provision network access for Windows, Mainframe and UNIX systems in a 30,000 user environment..
  • Monitor System security configurations on Mainframe, and Windows AD.
  • Managed GEAC accounts for financial applications on Mainframe system (Labor Distribution, Weypac, Lawson, and Macpac).

Show More

29. Security Issues

average Demand
Here's how Security Issues is used in Information Security Analyst jobs:
  • Diagnosed and resolved security issues, and escalated more complex items to Network/Systems Administration staff.
  • Provided and received feedback on important security issues that impact the university's security infrastructure.
  • Researched and maintained knowledge base regarding information security issues, solutions and potential implications.
  • Advised senior management by identifying critical security issues; recommending risk-reduction solutions.
  • Analyzed systems for security issues and procedures to ensure accurate documentation.
  • Coordinate with University departments on security issues to provide technical assistance/training.
  • Researched security issues relating to security audits.
  • Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
  • Participated in the review of existing data systems security issues and procedures and provided feedback based on those findings.
  • Provide business and technical advice on a wide variety of information security issues, concerns, and problems.
  • Resolved IT integration security issues; while leading the base migration onto the Air Force Network.
  • Assisted the Legal, Compliance, and Human Resources departments with regulatory and personnel-related security issues.
  • Provide direction and guidance to other employees with regard to security issues.
  • Assess threats, risks, and vulnerabilities from emerging security issues.
  • Created awareness among the team members on the ongoing security issues.
  • Coordinate system security issues with AF DCGS stakeholders.
  • Single point of contact (SPOC) for all technical security issues for Wells and legacy Wachovia clients.
  • Assist in the review of existing systems security issues and procedures.
  • Help team to remediate security issues with sample code Vulnerability Management for information security.
  • Register Authority) Monitor and advised on information security issues related to the systems and workflow at ORC, Inc.

Show More

30. Access Control

low Demand
Here's how Access Control is used in Information Security Analyst jobs:
  • Supported International Traffic in Arms Regulations compliance related to controlled data by implementing policies and processes to ensure appropriate access controls
  • Provided dedicated and secure access control for high-security Active Directory and UNIX accounts.
  • Standardized access control processes to remedy potential segregation of duties issues.
  • Created, updated, and deleted users profiles to maintain the integrity of access controls based on current policies and procedures.
  • Administer access control services for all system accounts supporting corporate business applications, and IT services groups.
  • Assist visitors with access control requirements, issue visitor badges, maintain security logs and access rosters.
  • Processed and maintained all users' network access control accounts within Active directory and Microsoft exchange server.
  • Managed a security team of skilled security professionals in Securing Access controls (categories and controls).
  • Provided business access control measures; strong SOX regulatory compliance experience, SAS70 experience.
  • Provide network access control, account management and security Windows XP/2007, Server 2003.
  • Provided security systems programming of alarm, video, and access control systems.
  • Develop and implement access controls, separation of duties, and roles.
  • Provided alarm, video, and access control field device functionality testing.
  • Design, build and maintain the access control systems for Chrysler L.L.C.
  • Process HSPD-12 Access Control Request, Process SCI PKI Certificate request.
  • Managed physical security policies, standards and guidelines for physical access control utilizing Honeywell Winpak.
  • Implemented and managed access controls for IBM user resources (e.g.
  • Monitored and audited firewall syslog and access control zones.
  • Operated and monitored badging and access control systems.
  • Access Controls down to the CCI level on eMASS and map them to their corresponding Artifacts within the eMASS system.

Show More

31. VPN

low Demand
Here's how VPN is used in Information Security Analyst jobs:
  • Reviewed firewall, VPN, web filtering, proxy, mainframe, and application log files and maintained logging tools.
  • Proof of concepts on Data Loss Prevention (DLP) platforms Encryption products and PGP and VPN issues.
  • Determined connection requests from VPN clients to be authenticated by a Remote Authentication Dial-In User Service.
  • Provided SSLVPN training to the Help Desk to enable them to provide level 1 support.
  • Designed and deployed Cisco ASA VPN solution to provide remote access for several thousand employees.
  • Maintained Juniper SSL VPN appliances and troubleshooted Security and Secure Connect connection issues.
  • Spearheaded a secure SSL based VPN solution for remote users of campus resources.
  • Developed primary VPN portal on a Cisco 5550 ASA for Fulton County employees.
  • Designed and implemented SecureLink SSL VPN to manage vendor remote access.
  • Experience Resolving VPN Connectivity Issues laptop, modem, NIC.
  • Migrated users from previous VPN client to Entrust soft token.
  • Secured CBOT environment with Checkpoint firewalls and Juniper VPN devices.
  • Integrate with network devices, systems, VPN logs.
  • Supported corporate AT&T VPN, RADIUS authentication, PAL, and Vendor RAS systems.
  • Lead engineer for Remote Access using Juniper SSLVPN, primary point of contact for all changes, design of access.
  • Create, Install and troubleshoot all Citrix Virtual Private Network issues (VPN) for the ENOC network.
  • Experience configuring, maintaining, and troubleshooting site to site IPSEC VPNs.
  • Supported the migration of VPN concentrators to new projects.
  • Administered Unix, Sybase, VPN, RACF, Power Image, WANG, PSR, TSO and NT systems.
  • Manage ongoing, implementation and Cisco ASA firewalls configuration such as VPN, ACLs, and stateful failover.

Show More

32. Hipaa

low Demand
Here's how Hipaa is used in Information Security Analyst jobs:
  • Incorporated Information Security and HIPAA/NIST Best Practice standards into business and network infrastructure and practices.
  • Planned and implemented phased-in approach to identify vendors classified as business associates according to HIPAA.
  • Developed computer and network security procedures based on industry standard frameworks for HIPAA compliance.
  • Documented OHSU-wide HIPAA privacy and security gap analysis conducted to determine department-level readiness.
  • Conducted HIPAA audits of system access and information depositories for compliance with policy to retain Joint Commission for Health Care Accreditation.
  • Complete Security compliance reports, analysis and recommendations for improvement regarding NIST, NERC CIP, HIPAA and other industry regulations.
  • Conducted security assessments within the PCI DSS, HIPAA, and FERPA realms to ensure proper mitigating controls are in place.
  • Utilized Excel and Word to develop and maintain databases to track and reference both GISRA and HIPAA regulations and legislation.
  • Designed, implemented, and tested security processes and procedures to comply with HIPAA security & privacy regulations.
  • Team member responsible for OHSU meeting HIPAA privacy and security federally mandated requirements and deadlines.
  • Align business with HIPAA and HITECH compliance requirements utilizing NIST and OSSTMM 3.0 protocols.
  • Worked with developers to redesign encryption scheme for nationwide database to meet HIPAA requirements.
  • Assisted in HIPAA and PCI audits and provided needed evidence to satisfy auditor requests.
  • Coordinated the HIPAA compliance program for the Student Health Center and Student Athletics.
  • Comply with the HIPAA Security Rule, and PCI standards.
  • Conducted Information Security Awareness and HIPAA Training to employees.
  • Filled the vacant Named HIPAA Security Officer role.
  • Performed assessment base on the COSO, COBIT, HIPAA, SAS70 and HIPAA Frameworks.
  • Investigate, evaluate and implement end user security technologies and antivirus packages in order to satisfy HIPAA data protection needs.
  • Organized and conducted HIPAA privacy walkthroughs across OHSU to determine compliance with federal regulations.

Show More

33. User Access

low Demand
Here's how User Access is used in Information Security Analyst jobs:
  • Provided assistance in integration of Account Courier and Password Courier into Office Depot corporate/global environment from manual user access process.
  • Managed end user access in accordance to Information Security guidelines.
  • Created and conducted several Information Systems user access audits.
  • Created and thoroughly documented troubleshooting processes to be used by other team to resolve user access and office 365 performance issues.
  • Assisted non-IS departments with adhering to the client's user access control policies as well as those mandated by HIPAA regulations.
  • Used Excel to run PivotTables and user access and presented findings to the Product Owner and the business owners.
  • Corresponded with the FISMA Team, providing status reports of user access changes/removals throughout the Board of Governors.
  • Used SQL Developer to run daily reports and query user access information on a daily basis.
  • Key point person for mainframe access requests using user access controls on Liberty Mutual mainframe.
  • Used SQL Developer on a daily basis to pull user access and perform analysis.
  • Provided 24/7 on call support for user access issues and troubleshooting for various applications.
  • Assisted System Security Officer with periodic validation of User Access to CSB Project Systems.
  • Helped reduce IT Security risk by regulating end user access to company systems.
  • Maintained all rule sets for process and end-user access to mainframe systems/subsystems.
  • Assisted with both CyberArk user provisioning and safe creation / User access.
  • Managed accounting and finance user access and supported SOX audits.
  • Coordinate quarterly user access reviews to meet SOX regulatory requirements and vendors contractual obligations.
  • Audit of Active Directory, corporate compliance, HIPAA, user access, termination audit trails and vulnerability scans.
  • Processed logon id/user access requests in accordance with standards and to enhance user security.
  • Key Applications Supported Active Directory Adding/Removing User Access, Resetting Passwords for following: SQL Databases Sybase PeopleSoft.

Show More

34. Security Standards

low Demand
Here's how Security Standards is used in Information Security Analyst jobs:
  • Assist in the enforcement and interpretation of corporate-wide information security standards, policies and procedures.
  • Maintain security standards and administers security policies to control access to systems.
  • Developed and documented security standards, internal operational processes and technical procedures.
  • Evaluated and interpreted Information Security Standards and Regulations for Information Technology.
  • Develop security standards and best practices for an organization.
  • Configured security standards and scheduled security checks.
  • Managed email encryption solution for compliance with 45 CFR Parts 160, 162, and 164-HIPAA Security Standards & SOX.
  • Collaborate with other business units inside and outside of IT to evaluate risk and ensure system security standards are met.
  • Develop a comprehensive and systematic approach to implementing and meeting all security standards in compliance with NIST 800-53 Rev.
  • Implemented Risk Management framework to information system Following NIST 800-37 rev 1 security standards and guidelines.
  • Managed risks and maintained compliance with security standards and proper management of areas of non-compliance.
  • Worked on evaluating requests based on the compliance of corporate security standards & policies.
  • Scripted and performed remotely checks to assure compliance with security standards.
  • Developed security standards and best practices for Newport News Shipbuilding.
  • Gained knowledge of security standards of TLS 1.2.
  • Define and update security standards and checklists.
  • Authored information security policies and analyzed all Deloitte business operations to ensure compliance with information security standards.
  • Access administration - created, modified, and deleted accounts, groups, and resources according to Wachovia Security standards.
  • Enforced security standards dictated by the Information Security Office (i.e.
  • Developed and implemented security standards, procedures and guidelines for multi-site and diverse systems environment.

Show More

35. Siem

low Demand
Here's how Siem is used in Information Security Analyst jobs:
  • Managed heuristic and anomaly-based IDS implementation project and SIEM reporting and response.
  • Created and debugged Snort Intrusion Detection System (IDS) and Sagan Security Information event management (SIEM) rules.
  • Monitored and supported Data Loss Prevention (DLP) tools and Security Information and Event Management (SIEM).
  • Monitored Security Information Event Management (SIEM) alerts critical to maintaining NCDOT PCI-DSS compliance.
  • Network monitoring using SecureVue as main SIEM tool.
  • Execute RSA SIEM daily and monthly reports.
  • Identified, monitored, and investigated computer and network intrusions using SIEM products such as Qradar and Check Point Smart Event.
  • Escalated and monitored of IDS (Intrusion Detection Systems) alerts and threats post analysis through SIEM ArcSight 6.5 tool.
  • Worked for corporation Bank from Wipro InfoTech as Security L1 (SIEM) Security Incident Monitoring analyst for 2 years.
  • Investigate incidents using Arcsight SIEM technology, packet captures, reports, data visualization, and pattern analysis.
  • Performed administrative duties on TippingPoint IPS, QRadar SIEM, Tenable Security Center and Rapid 7 security appliances.
  • Operationalized and currently managing SIEM; create, modify and correlate rules for better detection and response.
  • Prepared monthly Security and Information Event Management (SIEM) reports for weekly and Quarterly SOx audits.
  • Extracted custom fields in QRadar SIEM using regular expressions (RegEx).
  • Worked closely with Intellitactics (SIEM) developer on monitoring and ticketing.
  • Created custom filters, rules, and reports in QRadar SIEM.
  • Define criticality and labeling of systems that report to our SIEM.
  • Utilized QRadar SIEM to monitor events from Cisco ASA firewall.
  • Created Log Source Extensions in QRadar SIEM.
  • Investigated security incidents using various technologies including TippingPoint IPS, QRadar SIEM, McAfee ePolicy Orchestrator.

Show More

36. Linux

low Demand
Here's how Linux is used in Information Security Analyst jobs:
  • Established servers and firewalls, created accounts and groups in Active Directory for both Windows and Linux systems.
  • Implement, configure and maintain Red Hat Enterprise Linux 7 to support multiple virtual machines.
  • Experienced in establishing password encryption policies for Linux, UNIX and Windows Server Operating systems.
  • Provided Linux administration, Windows / NT / 2000/2003/2008 server environments, security audits.
  • Perform system analysis for Windows 2012 R2 and older systems including Linux Mint servers.
  • Validated and run reports for Windows and Linux for Turnovers and decommissioned servers.
  • Performed System wide desktop security updates such as Linux and Windows 2000/2003 Administration.
  • Implemented and maintained Linux/Unix based servers for the Defense Messaging System.
  • Subject matter expert (SME) for the Linux operating system.
  • Provisioned users in both active directory and on Linux servers.
  • Developed Linux & WLST scripts to perform automated deployments.
  • File Integrity on HP Linux and Unix using TripWire.
  • Identify scope, manage and lead project on converting servers to boot from SAN for Solaris and Linux throughout the enterprise.
  • Provide profile/access troubleshooting for various platforms including Windows 2000, XP, Citrix, Linux, UNIX, and Oracle.
  • Apply required security patches within NIST and enterprise guidelines Deploy Firewall, mail server, DHCP and DNS Linux systems
  • Maintained a LINUX server to be a repository for Patch Management for all of the e-business customers.
  • Harden nix based servers (Linux, AIX, Solaris) using Center for Information Security benchmarks.
  • Implemented a proof of concept for Metasploit Pro on Kali Linux using NGINX.
  • Implemented apache installation on Linux machine with TLS 1.2 standards
  • Performed security testing with linux tools and systems.

Show More

37. Internet

low Demand
Here's how Internet is used in Information Security Analyst jobs:
  • Achieved optimal security for internet through encryption and database support.
  • Manage Cisco IronPort application to monitor internet and email usage.
  • Managed Firewall/Internet Proxy policies, procedures, and implementation.
  • Developed the first clearly defined Internet Usage Policy for the state of New Mexico, affecting over 15,000 state employees.
  • Created University policies and procedures governing IT security, email and Internet usage, access control, and incident response.
  • Identified vendor and implemented solution for internet blocking and filtering for INVISTA, a company with 15,000 internet users.
  • Web Proxy o Managed company s web surfing policy (BlueCoat & Microsoft Internet Security and Acceleration).
  • Review and approve firewall exceptions to allow Internet and Intranet access.
  • Performed maintenance requests in the Internet firewall and E-mail environment.
  • Work on analyzing internet usage of users and email usage.
  • Provided third level support for VPN and Internet/Intranet firewalls.
  • Audit Internet browsing access of over 6,000 employees.
  • Investigate misuse or inappropriate conduct on the internet.
  • Oversee functionality of security systems to ensure security policies are being withheld including internet browsing restrictions and software downloads.
  • Company Overview - Sprint Nextel provides wireless services and it is a major global internet carrier/mobile service provider.
  • Utilized tools such as LexisNexis, Accurant, PenLink, Analyst Notebook, Internet Crimes IC3 database,
  • Performed Internet research on advisories and patches for the most current security threats and exploits.
  • Administer and maintain the Websense Internet monitoring platform globally.
  • Co-managed Bluecoat proxy to mitigate risks associated with malware, data leakage and unauthorized internet usage.
  • Utilize VMWare/virtual machines to conduct analysis on malware and review and monitor internet traffic real-time.

Show More

38. SQL

low Demand
Here's how SQL is used in Information Security Analyst jobs:
  • Develop and administer PHP/MySQL project management software and related services.
  • Configured users access to the system, conducting ongoing self assurance audits for inactive system users, accessing SQL reporting system.
  • Employed MS Access & SQL to create a single tracking database to improve information accuracy & reduce report prep time.
  • Worked on databases including SQL Plus (Oracle), MS SQL and other legacy systems.
  • Managed and setup database for security monitoring and financial applications using MS 2005 SQL Server.
  • Provide access to secured networks, applications, data, Oracle & SQL databases.
  • Managed and ensured the security of databases such as Oracle and Microsoft SQL Server.
  • Terminated and active user access control reviews using AD Manager & SQL Server.
  • Managed company database for product update based on Access 2007 and SQL Server.
  • Created SQL queries as for Business Analysts as needed.
  • Developed interactive web application in PHP / MySQL.
  • Maintain identities in SQL Server 2000.
  • Used Programming languages, HTML, JAVA, SQL.
  • Use of SQL backbone along with Pro Watch.
  • Applied complex SQL data transformations on that data and then delivered relevant and requested data to end users.
  • Account management for Sybase, Oracle & Microsoft SQL databases and Active Directory security groups.
  • Use of PowerShell Scripts, and SQL queries to monitor and remediate appropriate administrative access.
  • Tested database vulnerabilities using tools such as AppDetect, and SQLping.
  • Experience programming with SQL as well as object oriented languages including .Net, C#, and Java.
  • Created schemas for the URL logs from clients web server and parsed the logs into PostgreSQL database; 2.

Show More

39. Access Management

low Demand
Here's how Access Management is used in Information Security Analyst jobs:
  • Supported DealerTrack operations by assisted in access management, both physical and logical.
  • Maintain and update documents and procedures related to identity and access management for all clients, applications and systems.
  • Help to develop company enterprise identity and access management system - CIAM, using IBM ISIM/ISAM products.
  • Recreated SharePoint 2003 assets in SharePoint 2007 environment due to merger related activity for Enterprise Access Management.
  • Manage documentation and training for Level 1 and 2 provisioning teams relating to Identity and Access Management.
  • Work on other Access Management compliance Area like Password Vault necessity, Interactive, Password Policy etc.
  • Maintained business and security processes for the Identity and Access Management (role-based access) team.
  • Managed project to select and implement enterprise Identity & Access Management system for 3000+ registered users.
  • Analyzed various security issues in Incident Management, Patch Management, Access Management logs and reports.
  • Implement upgrade of identity access management tools across development, test, and production environments.
  • Created Security Access Management program for the ERP system, (QAD's MFG/PRO).
  • Ensured that the firms' Identity & Access Management Program is adhered to.
  • Performed testing of the Identity and Access Management and Role Management applications.
  • Evaluate, devise and implement processes for Smart Card Access Management team.
  • Participated on identity and access management (IAM) design team.
  • Provide global access management for the ACF2 and Unix environments.
  • Monitor Midrange Access Management email for emergency requests.
  • PROJECT: K-BYPASS Involved in Designing, Developing, Installing and Configuring Identity and Access Management solutions.
  • Provide Identity and Access Management services Manage users and groups in AD using Hyena system tools
  • Support access management practices in accordance to the ISO [ ] standard and ITCG controls.

Show More

40. Security Posture

low Demand
Here's how Security Posture is used in Information Security Analyst jobs:
  • Conducted Information Assurance self-assessments, reviews of AIS security postures and makes recommendations or performs corrective actions as necessary.
  • Implemented security incident and event management platform to monitor IT operations and the organization security posture.
  • Composed and disseminated weekly security reports to leadership and corporate-level administration detailing domain security posture.
  • Assess corporate information security posture; develop and implement processes to reduce information security risks.
  • Develop and deploy content to increase user awareness and improve organization's security posture.
  • Assist in security product evaluation and selection to improve the organization's security posture.
  • Participate in/manage projects and initiatives aimed at strengthening the company's security posture.
  • Managed security posture of program computer systems according to government compliance directives.
  • Carry out application risk assessments to ensure robust security posture.
  • Conducted internal audits to increase security posture.
  • Improved the security posture of McKesson by continuously finding and scanning previously not scanned servers and devices on the production network.
  • Worked with users, developers, and system administrators to aid, maintain, and continuously improve security posture.
  • Provided comprehensive support to various Information Assurance requirements needed to optimize the security posture of the JV Enterprise Network.
  • Brief management and administration on current security posture of the state including risks, vulnerabilities, and threats.
  • Performed audit trail analysis and system updates to maintain the security posture of DoD Information Systems.
  • Conducted annual security posture assessments and enterprise risk analysis, in role of lead auditor.
  • Maintained the security posture of NATEC Information Systems.
  • Composed Memoranda-for-record to formally document proceedings at senior level meetings affecting PEO MS security posture.
  • Recommended plans of action to program managers to maintain the accredited security posture of the system in accordance with current policies.
  • Managed security posture of program computer systems according to JAFAN, DCID, and other Intelligence Community Directives (ICDs).

Show More

41. Mcafee

low Demand
Here's how Mcafee is used in Information Security Analyst jobs:
  • Provided training to staff and assisted DISA and McAfee representatives in support of coordinated training efforts.
  • Deployed automatic and manual McAfee agents to Windows workstations and installed Rogue System Sensors.
  • Worked extensively with McAfee's HBSS security tools to track threats to the U.S.
  • Created a McAfee repository local server for automatic updates for the Akron site.
  • Implemented and managed McAfee DLP Data Loss Prevention for site.
  • Managed Anti-Virus systems for site McAfee & F-Secure.
  • Analyzed system security logs along with conducting low-level desktop and Mcafee firewall scan on each system.
  • Worked as lead engineer to design and deploy McAfee ePO to SPAWAR environment for 6K users.
  • Manage Cisco, McAfee, and Palo Alto devices for content filtering.
  • Executed monthly McAfee Foundstone Vulnerability scans for NASA and ESCG organization.
  • Utilized McAfee ePO HIDS to monitor end users.
  • Upgraded 4 existing Windows servers and McAfee Antivirus.
  • Administer McAfee ePO, making machines compliant.
  • Configured and administered McAfee E-Policy Orchestrator Antivirus updater tool to our sites nationwide.
  • Manage and monitor software packages using McAfee ePolicy Orchestrator 3.6.1 and 4.0 in accordance with DoD policies and client needs.
  • Included working with Nessus Security Center, Nessus Vulnerability Scanners, McAfee ESM SIEM, and Snort Intrusion Detection Systems.
  • Administered McAfee ePolicy Orchestrator server policy settings to better implement configuration standards throughout the USSOUTHCOM AOR.
  • Managed deployment of McAfee Endpoint Production products via ePolicy Orchestrator (EPO).
  • Use Various Security Tools (RSA, Qualys, McAfee IDS, FireEye) to monitor and detect network threats 2.
  • Used SourceFire, Mandiant, BlueCoat, McAfee ePolicy Orchestrator, Checkpoint Firewall Manager, IronPort and F-Secure.

Show More

42. Symantec

low Demand
Here's how Symantec is used in Information Security Analyst jobs:
  • Assist in patch deployment and workstation administration using Symantec Management Agent.
  • Managed domain Symantec anti-virus server and provided client-side support.
  • Review digital certificates expiration using Symantec Managed PKI.
  • Assist CSOSA's Infrastructure team by conducting remove anti-virus scans on possible infected machines using Symantec Endpoint Protection Manager.
  • Created new images and boot disks using Symantec Ghost for disaster recovery and backup procedures.
  • Used Symantec end point solutions to update signature file in daily basis.
  • Created an effective daily and full backup procedures using Symantec Backup Exec.
  • Configured Symantec CCS dashboards to show weekly and monthly vulnerability trends.
  • Utilized Symantec Endpoint Management Console, in managing clients.
  • Maintained client health metrics on Symantec Endpoint Protection.
  • Lead Architect, Symantec Endpoint Protection 12.1.
  • Architected, designed and implemented Symantec Endpoint protection.
  • Install and use software, such as Symantec Endpoint Protection and Symantec Endpoint Encryption programs, to protect sensitive information.
  • Upgraded VeriSign Unified Authentication application to Symantec's Validation and ID Protection Service (VIP) Enterprise Management Gateway.
  • Patch McAfee/Symantec environments in accordance with McAfee/Symantec schedule which at the time was five times a year.
  • Reviewed PAN (Primary Account Number) incidents with Symantec Data Loss Prevention (Vontu).
  • Provided end user support for Credant, PGP Full Disk Encryption, Symantec Endpoint Protection
  • Maintain and deploy Symantec Antivirus using the Symantec System Center application.
  • Configured Symantec and Novell products for business pc's and laptops.
  • EnCase, Symantec, eDiscovery).

Show More

43. Troubleshoot

low Demand
Here's how Troubleshoot is used in Information Security Analyst jobs:
  • Troubleshooted and resolved routine security problems for escalated service requests from Support Center associates, customers and other team specialists.
  • Create troubleshooting guides for multiple systems with verification for accuracy, and effectiveness.
  • Utilized and implemented remote troubleshooting for distant end users with configuration issues.
  • Managed Virtual Private Network databases and performed troubleshooting.
  • Lead the research, installation, configuration, implementation, troubleshooting, and maintenance of overall security systems and services.
  • Utilized tools to troubleshoot group issues, SEP errors as well as problems, and assisted with correcting issues.
  • Create, modify and update documentation for troubleshooting problems, installing software, and configuring workstations in the library.
  • Support the new EMR (Electronic Medical Records) and portal applications for patient care and troubleshoot problems.
  • Performed troubleshooting, testing and analysis of Discovery Cracker software to ensure 100% efficiency.
  • Worked with various groups on troubleshooting incidents and familiarization for ESM and data security.
  • Answered customers questions about alarms, provides some troubleshooting of alarm systems.
  • Assisted with troubleshooting, setup and program installation of data systems.
  • Supplied troubleshooting and issue resolution for 1,300 end users.
  • Configure and troubleshoot switches & routers, Cisco firewall.
  • Design and troubleshooting in a TCP/IP LAN/WAN environment.
  • Performed mobile app troubleshooting i.e.
  • Utilize helpdesk software to provide issue tracking, customer support, and troubleshooting documentation.
  • Assist in 3rd tier troubleshooting to resolve threats found in Palo Alto firewall logs.
  • Maintain and Troubleshooting RSA servers and CISCO concentrators.
  • Performed various network connectivity troubleshooting using various command lines tools such as Wireshark and tcpdump.

Show More

44. Technical Support

low Demand
Here's how Technical Support is used in Information Security Analyst jobs:
  • Directed Technical Support staff in installation, configuration and upgrades of system security software.
  • Accomplished providing technical support by troubleshooting Day-to-Day issues with various Servers on different platforms.
  • Provided daily technical support as required to ensure proper operations of security systems.
  • Provided technical support to Network Command Center Camp Leatherneck Afghanistan.
  • Provided third- level technical support for Data Center Operations
  • Provided technical support for security related issues.
  • Provide training and technical support to other members of the team that are involved with troubleshooting security related connectivity issues.
  • Provide project technical services as the vendor management liaison for access control and technical support for security systems.
  • Provided technical support to all aspects of the Global Network Operations Support Center Network Defense operations.
  • Provided technical support to application owners, project management team, vendors, and end-users.
  • Provided Security guidelines for all technical support groups and assisted with product upgrades.
  • Provided technical support to local and remote users, Monitored mixed network systems.
  • Resolved access issues, working closely with business partners and technical support.
  • Provided technical support for hardware and software of in-office and remote employees.
  • Maintained access by providing information, resources, and technical support.
  • Handled problem and technical support for access issues for remote access.
  • Provide 24x7 on-call technical support to customers.
  • Provided 24 x 7 on-call technical support.
  • Performed technical support to SAP systems, AIX and DB2 Environments Provided systems and business analysis support to large projects
  • Provide detailed documentation to local and out of state technical support groups across the company.

Show More

45. ISO

low Demand
Here's how ISO is used in Information Security Analyst jobs:
  • Establish and maintain liaison with other organizations and agencies engaged in government wide declassification programs.
  • Analyzed and documented exceptions to policies and served in advisory capacity for remediation.
  • Provide security consulting and advisory services to business units and project teams.
  • Experience in projects involving ISO27001 security implementations and/or audits.
  • Reviewed vulnerability announcements from US-Cert and MS-ISAC advisories.
  • Directed training for management and supervisory personnel.
  • Analyzed current IT operations against industry security frameworks and best practices (ISO, CobiT).
  • Serve as media liaison and primary point of contact for the University Information Security Office.
  • Assigned as point liaison for the Security Control Assessments, Pen Test and Audit reviews.
  • Used a variety of reports and tools to track and isolate user access problems.
  • Work as liaison between the business areas and Information Security to ensure good communication.
  • Worked as liaison to coordinate activities of system engineers, operations and billing personnel.
  • Serve as a subject matter expert for ISO27001 Compliance related issues.
  • Act as LAM liaison in technical projects as necessary.
  • Job Responsibilities: * Review and/or update existing policies and supporting documents to meet ISO 27001 standards.
  • Act as the technical liaison with MSSP Symantec during the set and configuration period.
  • Assisted with implementation of Corporate Key Control Matrix following ISO 27001 framework.
  • Use of Stinger by Intel, Raptor Beta, McAffee Site Advisor.
  • Demonstrated effectiveness of security controls and managed evaulautaing controls for compliances and standards like ISO 27001 and SSAE 16.
  • Implemented quarterly infrastructure (SOx, ISO and SOC2) audit findings, and held weekly SOx review meetings.

Show More

46. User Accounts

low Demand
Here's how User Accounts is used in Information Security Analyst jobs:
  • Create user accounts within clinical applications based on department and job responsibilities.
  • Assist system admin with administering user accounts using active directory.
  • Key Achievements: * Independently supported and maintained all user accounts for 2 hospitals over a 1-month period without any issues.
  • Administered 3 NT domains for 8000+ user network for user accounts and shared network resources with group and user account permissions.
  • Managed HIPS, Host-based Firewall and Application Blocking/Protection including support of HBSS user accounts/permissions involving HBSS 3.0 / 4.5.
  • Maintained (0) deviation of active user accounts on managed applications/databases against active employees in HR Management System.
  • Added user accounts to share builder, troubleshot issues with users and monitored usage on the printing management system.
  • Managed Windows and Unix/PowerBroker (AIX, Sun and Linux) user accounts and groups and service accounts.
  • Maintain user accounts and DB2 database privileges on AIX, including SP and CSM environments.
  • Provide technical support call resolution to end users, create end-user accounts.
  • Created share drives for corporate, store and vendor user accounts.
  • Manage user accounts in Active Directory as well as clinical applications.
  • Created Firewall proxy and FSO user accounts.
  • Perform monthly security audits of user accounts.
  • Prevented several attempts to gain unauthorized access to patient information Created and disabled user accounts in the OSU Medical Center.
  • Created, maintained and removed user accounts in Novell, NT, UNIX and other various software platforms.
  • Maintained user accounts for all computer users at all four Gaylord properties.
  • request (IAM) by creating groups, user accounts, and manage roles.
  • Administered Active Directory user accounts/groups/OUs in an enterprise multi-domain windows environment.
  • Created new user accounts for the Cerner medical records database.

Show More

47. RSA

low Demand
Here's how RSA is used in Information Security Analyst jobs:
  • Administered RSA token security program, which included assigning security tokens to users and maintaining written approval/citation program.
  • Determine enterprise risk to HRSA systems and applications and ensure that defined vulnerabilities are mitigated.
  • Led management teams report responses and oversaw technical implementation of remediation measures.
  • Conducted risks and protection analyses and oversaw vulnerability management.
  • Configured and documented the installation of PGP Universal Server in order to maintain encrypted copies of files that contain sensitive information.
  • Deployed Threat and Vulnerability Management tab in RSA Archer for the network security scanning in the SAAS environment.
  • Assisted with development of Anti-Tamper guide and oversaw the progress and status of Anti-Tamper guide.
  • Performed operator maintenance, queries and index of the RSA SQL database.
  • Maintained and supported 1000+ RSA and Entrust VPN users.
  • Developed and oversaw operational Information Systems (IS).
  • Manage RSA ECAT console and environment.
  • Identify and remitted security related network vulnerabilities and incidents using RSA enVision and Tipping Point.
  • Re-architected and upgraded the RSA SecurID authentication infrastructure, including integration with third-party management tools.
  • Issue of Third party, Secure Email and SSL Certificates RSA, RADIUS and Digital Certificates Infrastructure Maintenance
  • Develop and test Splunk Universal Forwarder installation methods for deployment to all Windows servers in the enterprise.
  • Manage RSA Archer tool for compliance, operations, SOX management and exception management.
  • Supported and Maintained RSA system and database for remote access (Securid).
  • Assisted with migration of RSA multifactor tokens to certificate based VPN authentication.
  • Triaged incidents to enumerate and report adversary tactics, techniques and procedures.
  • Worked on Multifactor authentication (RSA vendor) for over 3,000 users.

Show More

48. Fips

low Demand
Here's how Fips is used in Information Security Analyst jobs:
  • Conduct the security categorization using FIPS 199 to identify confidentiality, integrity and availability.
  • Conduct kick off meetings using the approved IT security framework, FIPS 199/NIST SP 800-60 to categorize information and information system.
  • Perform Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), E-Authentication with business owners selected stakeholders.
  • Worked alongside team to complete the FIPS 199, Standards for Security Categorization of Federal Information Systems.
  • Assisted system owners in categorization of systems using FIPS-199.
  • Perform Security Categorization (FIPS 199).
  • Review and update IAM and authentication services to comply with PCI, SOX, FIPS, NIST, FISMA and PIA.
  • Familiarized with IT security best practices with C& A processing, FISMA, FIPS and NIST SP 800 series.
  • Aligned findings to HIPAA, HITECH, NIST 800, and FIPS 140.
  • Reviewed completed FIPS 199 for GSS's and MA's.
  • Performed FIPS 199 Assessments for SAP ERP.
  • Conduct security awareness training and expected rules of behavior for end-users I participated in the FIPS 199 process using SP 800-60.
  • Certified for the use of CBP the FIPS 140-2 Cryptographic Modules, Secure USB Flash Drives with 256-bit AES encryption.
  • Participate in Information types mapping, Information and Information Systems Categorization processes using NIST SP 800-60 and FIPS 199.
  • Reviewed and updated some of the artifacts especially FIPS 199, SAR and POA&M.
  • Designated systems and categorized its C.I.A using FIPS 199 and NIST SP 800-60.
  • Reviewed and updated some of the system categorization using FIPS 199.
  • Abided by the NIST, FISMA, FIPS, OCIO security standards.
  • Architected solutions to ensure FIPS 140-2 encryption on RDP endpoints and IPSec on legacy clear text protocol applications.

Show More

49. IDS

low Demand
Here's how IDS is used in Information Security Analyst jobs:
  • Worked closely with the Global Vulnerability Assessment team to coordinate penetration testing and vulnerability scans with NIDS alerts.
  • Maneuvered through UNIX based directory files and used UNIX based editor (VI) to extract and compile JIDS data.
  • Reviewed and analyzed firewall, IDS, and security appliance logs, and network traffic for unusual or suspicious activities.
  • Generated reports based off log files from Firewalls, Web Proxies, servers, and IDS appliances.
  • Developed and maintained Java based IDS and other Bash, C, and C++ programs as needed.
  • Created new software based solution for analyzing IDS sensor data from multiple VLANS.
  • Install and maintain security infrastructure, including IDS and security assessment systems.
  • Verified the OS, number of servers and IDs to be supported.
  • Evaluated, procured, and implemented the corporate wireless IDS/IPS.
  • Developed ID tracking database for all Tandem user IDs.
  • Assisted Security Engineers with managing Network Intrusion Detection Systems (NIDS) and Host-based Intrusion Detection System (HIDS).
  • Planned and managed various security projects (e.g., review of group memberships and privileged userids annually).
  • Build and maintain ACF2 datasets and resource mainframe rules along with ACF2 user ids.
  • View & Analyze real-time activity on IDS (ISS) Policies/Standards/Directives review.
  • Created and maintained mainframe logon IDs for TSO and CICS applications.
  • Added, changed, deleted and revoked userids to the systems.
  • Supported products including SourceFire IPS/IDS, RSA EnVision, PaloAlto Application Firewall, Symantec EndPoint, Symantec SCCS and Rapid7.
  • Set up Metaframe IDs and corrected id issues such as login and security token synchronization.
  • Build Unix Control Minder eTrust surrogate rules, ids, groups and Sudo rules.
  • Process tickets to create Acf2 logonids, delete logonids and processed dataset requests and managed passwords on an IBM mainframe.

Show More

50. Ips

low Demand
Here's how Ips is used in Information Security Analyst jobs:
  • Developed and maintained relationships with internal and external customers to formulate information security governance solutions.
  • Maintain ongoing positive working relationships with business owners and delegates.
  • Interact effectively and foster working relationships with Business Partners.
  • Configured and managed IPSEC connections to co-location facilities.
  • Managed multiple vendor relationships from inception to completion.
  • Provided on call support, audit support, lead in projects, establishing relationships with customers and following audit security policies.
  • Maintain Sport Clips software and operating system software by applying software and security updates to ensure system performs efficiently.
  • Monitored incoming and outgoing network traffic with the Tipping Point IPS and investigated the blocks for further scrutiny.
  • Configure, implement and maintain IPS module on ASA 5505 and 5510 firewalls main office and branch locations.
  • Applied problem solving techniques and developed relationships with clients and internal users.
  • Managed Security Gateway for email protection and IPS/IDS for Desktop systems.
  • Created the IPS and ADS policy baseline and boundary hardening.
  • Served as primary firewall and IPS log review analyst.
  • Maintained relationships with customers with diverse needs.
  • Located events of interest through monitoring of IPS/IDS, firewall, antivirus and correlation tool logs.
  • Identify ways to improve system efficiencies while building and maintaining all client relationships.
  • Managed ANX / EBMX gateway infrastructure and IPsec tunnels to supplier sites.
  • Administer and maintain the Sourcefire intrusion prevention system (IPS) globally.
  • Created and maintained IDS/IPS rules with Sourcefire.
  • Researched and implemented Cisco Sourcefire IPS and Proofpoint Email Gateway with documentation and training of responsible employees.

Show More

20 Most Common Skill for an Information Security Analyst

Ensure Compliance13%
Vulnerability Assessments11.1%
Information Technology8.9%
Risk Assessments6.9%
Information Security Policies6.9%
System Security Plan4.7%
Active Directory4.6%
Incident Response4.3%

Typical Skill-Sets Required For An Information Security Analyst

RankSkillPercentage of ResumesPercentage
1
1
Ensure Compliance
Ensure Compliance
8.2%
8.2%
2
2
Vulnerability Assessments
Vulnerability Assessments
7%
7%
3
3
Information Technology
Information Technology
5.6%
5.6%
4
4
Risk Assessments
Risk Assessments
4.4%
4.4%
5
5
Information Security Policies
Information Security Policies
4.4%
4.4%
6
6
System Security Plan
System Security Plan
2.9%
2.9%
7
7
Active Directory
Active Directory
2.9%
2.9%
8
8
Incident Response
Incident Response
2.7%
2.7%
9
9
Nist Security Policies
Nist Security Policies
2.6%
2.6%
10
10
Data Loss
Data Loss
2.5%
2.5%
11
11
Assurance
Assurance
2.5%
2.5%
12
12
Disa
Disa
2.5%
2.5%
13
13
Firewall
Firewall
2.2%
2.2%
14
14
Security Assessment
Security Assessment
2.1%
2.1%
15
15
Security Awareness
Security Awareness
2%
2%
16
16
Network Security
Network Security
1.8%
1.8%
17
17
Unix
Unix
1.8%
1.8%
18
18
Intrusion Detection
Intrusion Detection
1.7%
1.7%
19
19
PCI
PCI
1.7%
1.7%
20
20
Security Requirements
Security Requirements
1.6%
1.6%
21
21
DOD
DOD
1.6%
1.6%
22
22
Cyber
Cyber
1.6%
1.6%
23
23
SOX
SOX
1.6%
1.6%
24
24
Nessus
Nessus
1.6%
1.6%
25
25
Fisma
Fisma
1.5%
1.5%
26
26
POA
POA
1.5%
1.5%
27
27
Security Incidents
Security Incidents
1.5%
1.5%
28
28
Mainframe
Mainframe
1.5%
1.5%
29
29
Security Issues
Security Issues
1.4%
1.4%
30
30
Access Control
Access Control
1.4%
1.4%
31
31
VPN
VPN
1.4%
1.4%
32
32
Hipaa
Hipaa
1.3%
1.3%
33
33
User Access
User Access
1.3%
1.3%
34
34
Security Standards
Security Standards
1.3%
1.3%
35
35
Siem
Siem
1.2%
1.2%
36
36
Linux
Linux
1.2%
1.2%
37
37
Internet
Internet
1.2%
1.2%
38
38
SQL
SQL
1.2%
1.2%
39
39
Access Management
Access Management
1.1%
1.1%
40
40
Security Posture
Security Posture
1.1%
1.1%
41
41
Mcafee
Mcafee
1.1%
1.1%
42
42
Symantec
Symantec
1.1%
1.1%
43
43
Troubleshoot
Troubleshoot
1%
1%
44
44
Technical Support
Technical Support
1%
1%
45
45
ISO
ISO
1%
1%
46
46
User Accounts
User Accounts
1%
1%
47
47
RSA
RSA
0.9%
0.9%
48
48
Fips
Fips
0.8%
0.8%
49
49
IDS
IDS
0.8%
0.8%
50
50
Ips
Ips
0.8%
0.8%

37,631 Information Security Analyst Jobs

Where do you want to work?