Principal Information Security Analyst

Nesco Resource
01 Dec 2022
10 Dec 2022
Employer Sector
Technology, IT & Telecoms
Contract Type
Full Time
General Summary
Act as a subject matter expert concerning complex information security technology, topics, and issues. Perform highly technical and complex, specialized duties in the areas of security management, risk management, incident management and/or vulnerability management. Identify and direct information security program and technology implementations to remediate or mitigate security issues.

Essential Functions
Define, evaluate, justify and drive and information security controls and technology to ensure the protection of the organization's information assets.

Use a strategic approach to define current and future capability requirements. Prioritize and drive execution to that roadmap. Update and communicate it regularly with CISO and other high–level stakeholders.

Use extensive cyber–security background to review current security posture across all lines of business.

Conduct security project meetings to identify gaps and recommend security enhancements to ensure security requirements are integrated and implemented

Lead Architecture, Infrastructure and Technology teams to review existing capabilities and recommend security enhancements

Update and validate information security policies, standards and procedures to ensure they support the goals of the Information Security Program

Support detailed risk analysis and risk assessment to identify, mitigate and control risks to infrastructure, information systems and data

Assist in third party evaluations to ensure that their technology environment appropriately protects shared data, that contracts have the appropriate security requirements, and that those requirements are met through regular audits and assessments

Document and lead automation of security incident management practices to ensure all incidents are diagnosed, logged, escalated, and closed to its final resolution.

Monitor and report changes in threat dispositions, activities, tactics, capabilities, objectives, etc. as related to designated cyber operations

Provide current intelligence support to critical internal/external stakeholders as appropriate

Lead Threat Analysis across VSP Global Enterprise (Insurance, Retail, Health Care Provider, SaaS software solutions and Manufacturing businesses)

Identify and justify automation efforts to improve security posture without increasing cost

Actively hunt threats using threat intelligence and knowledge of the environment

Lead Information security technical incident response

Monitor changes in threat landscape, identify trends for future threat analysis to ensure security controls are in place to meet threats when they arise in the VSP business environment

Job Specifications
Typically has the following skills or abilities:
Bachelor's Degree in Computer Science, Electrical Engineering, or related field or equivalent experience

12 years of hands–on technical information security experience in threat and vulnerability analysis, threat hunting, and/or security incident response

Minimum 4 years IT experience with a focus on systems engineering. Private and Public Cloud security experience is highly preferred

Technical Security certification like SANS GIAC–type certification(s)

Advanced knowledge of security principles and technologies

Strong verbal and written communications skills that can be applied to all levels of an organization from the CTO to a deskside technician

Proven ability to communicate using slides, documents, and spreadsheets

Ability to regularly exercise discretion and independent judgment in the performance of job duties

Data analysis as it relates to security event logging and monitoring with the ability to demonstrate effectiveness hunting in a complex environment

Nesco Resource and affiliates (Lehigh G.I.T Inc, and Callos Resource, LLC) is an equal employment opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or veteran status, or any other legally protected characteristics with respect to employment opportunities.