Job Description :
Job Title: Senior Cybersecurity Analyst
Location: Ewing Township, NJ
Duration: 12Months
Visa Status: USC
Experience Required:
A minimum of Five (5) years of network and information security experience.
Experience Preferred:
Relevant security certifications preferred (i.e. CISSP, CRISC, CEH, CISA, CISM, GPEN, etc
Position Description:
Responsible for developing the effectiveness and leading the activities of the NJCCIC Vulnerability Management Team
Responsible for researching, implementing, and configuring vulnerability assessment tools
Supervise and conduct infrastructure and application vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools
Analyze results and engage with information technology and security teams in order to resolve identified security vulnerabilities and deficiencies.
Identify and resolve any false positive findings in assessment results.
Produce metrics and reporting on the state of Executive Branch and individual agency security infrastructures, applications, and operations.
Oversee Remediation Activities including: - Manage tracking and remediation of vulnerabilities by leveraging agreed upon action plans and timelines with vendors and support teams. - Schedule and facilitate meetings with vendors and support teams to review remediation status. - Validate remediation by reviewing vulnerability results and providing status updates - Recommend appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions. - Help key stakeholders with vulnerability remediation (researching how to fix, what patch to apply, what configuration change(s) to make, etc
Actively participate in information security compliance reviews, audits and the remediation and mitigation of identified risks
Drive continuous improvement of the cyber security program through identification of risk, recommendations for improvements, automation of alerts and remediation, and communication with key information security and information technology partners.
Work with cross-functional teams to deliver an enterprise security posture that evolves with business, technological, and threat landscape changes
Develop and implement hunt techniques for the identification of threat actors across Executive Branch environments
Provide subject matter expertise, leadership and coordination for the Vulnerability Management Team •Assist with incident response activities as appropriate including triage, root cause analysis, kill chain analysis, escalations, notifications, communication, etc., and in accordance with the State’s Information Security Incident Response Plan
Mentor and train other employees to improve their skills and effectiveness
Assist with the development and management of the cybersecurity budget
Other information security duties as assigned
Skills Required:
Proven ability to perform infrastructure and application vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools
Experience in Security metrics reporting demonstrating risk reduction, trending and overall security posture of the company in terms of vulnerability management
Experience in other network infrastructure security technologies (DLP, IDM, SIEM, Proxy, IDS/IPS, Firewalls, PKI, Multifactor authentication etc is a plus
Experience reviewing 3rd party security reports (SSAE16 SOC 1 and 2, penetration testing reports, SIG) against industry security standards (CSA, NIST, CIS, OWASP) as part of an overall vendor management program.
Knowledge of system and application security threats and vulnerabilities, current and emerging threats/threat vectors, server and client operating systems (Windows, Unix, Mac OSX
Strong knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption), intrusion detection methodologies and techniques for detecting host- and network-based intrusions via intrusion detection technologies.
Extensive experience with risk management processes, including steps and methods for assessing risk
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, covert channel, replay, return-oriented attacks, malicious code
Extensive implementation experience with security and networking architecture, networking protocols, network security design, wireless security, intrusion prevention/detection, and firewall architecture.
Specific product experience that is desirable includes: Tenable Nessus, Rapid7 Nexpose and Metasploit, IBM Appscan, Burpsuite, Wireshark, etc.
Knowledge of security frameworks including NIST, ISO 27001/2, etc.
Proficiency in Microsoft software: Outlook, Word, Excel, PowerPoint, and Visio
Strong written and verbal communication skills
Must demonstrate effective, decision making, results delivery, team building, and the ability to stay current with relevant technologies, security tools and practices
Ability to manage multiple projects, priorities and deadlines
Ability to mentor other employees to improve their skills and effectiveness.
Ability to design, resource, status, and complete projects on time and on budget independently, with minimal supervision.
Demonstrated initiative, customer orientation, and team work competencies
Adaptability, flexibility and ability to work as part of a team or in an individual capacity
Education Required:
Bachelor Degree in computer science, engineering, information security or an equivalent combination of education, training, and experience