Resonant Sciences LLC has an immediate opening for an IT/Cloud Security Analyst to join our team. The candidate will have an opportunity to be a member of a team consisting of talented and dedicated engineers, technicians and professionals who work together to interrupt and challenge the status quo to design, develop, and produce state-of-the-art technologies.
A detail-oriented, effective, and experienced IT/Cloud Security Analyst will use their expertise to monitor and optimize the security of our IT and Cloud environment by securing our perimeter, systems, devices, and platforms while keeping an eye on emerging threats and vulnerabilities. The IT Security Analyst performs two core functions for the enterprise. The first is helping to administer the day-to-day operations of the in-place applications, infrastructure, and security solutions. The second function is the identification, investigation, and resolution of security breaches detected by those systems. Secondary tasks may include involvement in the implementation of new security controls, solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines, and procedures as well as conducting vulnerability audits and assessments. The IT Security Analyst is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals while at the same time ensuring the business needs are met.
DUTIES AND RESPONSIBILITIES:
Strategy & Planning:
- Participate in the planning and design of enterprise security architecture, under the direction of the IT Security Manager, where appropriate.
- Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.
- Participate in the planning and design of an enterprise business continuity plan and disaster recovery plan, under the direction of the IT Security Manager, where appropriate.
Acquisition & Deployment:
- Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
- Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
- Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
Operational Management:
- Maintain up-to-date baselines for the secure configuration and operations of all in-place devices (e.g. security tools, workstations, servers, network devices).
- Maintain operational configurations of all in-place security solutions as per the established baselines.
- Monitor all in-place security solutions for efficient and appropriate operations, including overseeing and coordinating with external vendor partners and service providers.
- Review logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices). Interpret the implications of that activity and devise plans for appropriate resolution.
- Participate in investigations into problematic activity.
- Participate in the design and execution of vulnerability assessments, penetration tests, and security audits.
- Provide support and redundancy for other IT team members in the administration of systems, support of users, contribution toward projects and other similar IT needs that require a strong IT skillset.
- Perform other duties, as assigned.
REQUIRED QUALIFICATIONS: - Significant knowledge of and experience with legal and regulatory compliance standards such as NIST 800-23, NIST 800-171, CMMC, or similar
- Experience with IT governance, risk, and compliance management.
- Knowledge of computer networking concepts and protocols and network security methodologies.
- Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
- Knowledge of virtualization technologies such as VMware, Hyper-V, cloud virtualization platforms, or other such solutions.
- Knowledge of Device Management Solutions: Strong understanding of In Tune a plus.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of risk management processes.
- Knowledge of specific operational impacts of cybersecurity lapses.
- Extensive experience with security tools, controls, and administration of security within a Windows-based environment
- Working experience with administration, security policies, and associated controls within an Active Directory / Azure AD environment
- Exposure to working with a 3rd party monitoring and solutions provider (Arctic Wolf) is preferred.
- Working technical knowledge of security frameworks – in particular, NIST 800-171 and CMMC – in support of federal clients
- Strong understanding of IP, TCP/IP, and other network administration protocols.
- Experience with firewalls and edge security, network segregation and similar protective layers
- Strong understanding of Windows, Linux familiarity a plus
- Familiarity with cloud-based and hybrid architectures – including Azure and GCC-High environments – strongly preferred
- Familiarity with Azure security practices and tools.
- College diploma or university degree in Computer Science and 4 or more years of equivalent work experience.
- One or more of the following certifications:
- CompTIA Security+
- GIAC Information Security Fundamentals
- Microsoft Certified Systems Administrator: Security
- CISSP, CISA, or other relevant security-related designation(s) an asset.
DESIRED SKILLS/ABILITIES:
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Ability to conduct research into IT security issues and products as required.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Keen attention to detail.
- Team-oriented and skilled in working within a collaborative environment.
- Ability to handle sensitive materials and maintain the highest level of confidentiality.
- Excellent communication skills, both oral and written.
WORKING CONDITIONS:
- 40-hour on-site work week.
- No travel anticipated.
- Sitting for extended periods of time.
- Sufficient dexterity of hands and fingers to efficiently operate a computer keyboard, mouse, and other computer components.
- Lifting and transporting of moderately heavy objects, such as computers and peripherals.
CITIZENSHIP/SECURITY CLEARANCE:
- U.S. Citizenship required. Ability to obtain an active Secret security clearance upon hire du to the work and contract requirements.
WHAT’S IN IT FOR YOU?
- Become part of a high-tech work environment that is highly impactful, exciting, and collaborative.
- Flexible working environment that enables our employees to balance work and personal life.
- A comprehensive benefits package that includes medical, dental, vision and prescription benefits with extremely low employee cost share for you and your eligible dependents.
- A well-funded Health Spending Account with standard account fees paid by Resonant Sciences.
- 10 Federal Holidays (6 Standard, 4 Floating).
- A flexible Paid Time Off plan for employees.
- A generous retirement plan, subject to plan, IRS and ERISA rules.
WHO ARE WE?
Resonant Sciences is a research and development firm with locations all over the United States, focused on developing and transitioning innovative technologies and solutions to developmental and operational platforms. Our areas of expertise include radome and antenna design and fabrication, custom electronic solutions, and RF measurements of materials, antennas, radomes, and subsystems. Our extensive capabilities include design and analysis, production, and ground and flight testing.
A career at Resonant Sciences means that you will be involved in the complete development life cycle, seeing your design evolve from development prototype to incorporating mission requirements to technical specifications into a finished product for field testing.
We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.