MetTel is looking for a highly motivated and experienced Cybersecurity Analyst - Compliance to join our growing Security & Compliance team!
Why MetTel
MetTel is a cutting‐edge telecom service provider delivering software and telecom services to enterprise companies nationwide. Our teams help create next-‐generation systems to meet the challenge of today’s rapidly changing business climate, and set new standards for the telecom industry. From traditional voice to advanced services, MetTel’s extensive partnerships enable us to deliver a complete portfolio of services in the United States, Canada and Puerto Rico as well as global MPLS and VoIP solutions. We believe that each team member is a key to the success and sustainability of the group. In order to achieve this, we offer an environment where all professionals can grow and develop their skills and competencies, collaborate with diverse professionals, share knowledge and enjoy a rewarding career.
Key Responsibilities
In this role, you will be responsible for maintaining risk management framework, vulnerability management, and configuration compliance for our core infrastructure as part of the security & compliance team. The Cybersecurity Analyst - Compliance will manage compliance for NIST800-53 moderate and high environments and ensure development, implementation as well as assessment of relevant security controls.
Additional Key Responsibilities Include
- Perform technical assessments of systems and networks and identify deviation from acceptable configurations, enterprise policies, and local standards.
- Identify security and compliance gaps, partnering with system owners and stakeholders to appropriately remediate.
- Develop security documents, such as system security plan, contingency plan, configuration management plan, and incident response plan.
- Develop, maintain, monitor, and improve appropriate internal controls and policies to protect systems and data.
- Support third-party risk management efforts including supplier onboarding and periodic cyber assessments, to include risk analysis.
- Participate in Risk Management Framework (RMF) Assessment and Authorization (A&A), specifically assessment and continuous monitoring activities.
- Vulnerability management, specifically with vulnerability scan report findings and mitigation plans.
- Support the analysis and review of the information security of systems to ensure compliance to security policies.
- Conduct information assurance compliance testing using automated tools and manual tests. Use Nessus for vulnerability scanning and configuration baseline testing such as CIS benchmarks, database, and web application scanning.
- Compile and correlate compliance testing results for weekly and monthly reporting, working with engineering staff to ensure that identified vulnerabilities are addressed.
- Monitor and analyze security events and alerts from multiple sources, including security information and event management (SIEM) software, network and host-based intrusion detection systems, firewall logs, user reported incidents, and system logs (Windows and Linux), and databases.
- Initiate incident notification, case tracking/management, recovery actions, and report status updates.
- Participate in the remediation of incidents and responses that are generated from live threats against the enterprise.
- Support follow-on actions, such as coordinating with other organization teams to facilitate remediation of the alert/event/incident, and close out the investigation.
- Provide Incident Response (IR) support when analysis confirms actionable incident.
Desired Skills And Experience
- Bachelor’s degree in information technology, business, risk management, or a related field.
- 3+ years of experience in a security related role.
- Proven experience in governance, risk management, or compliance roles.
- Strong knowledge of regulatory frameworks, industry standards, and best practices related to GRC.
- Proficiency in risk assessment tools, compliance management systems, and data analytics software.
- Experience with vulnerability scanning tool Nessus or Tenable.io.
- Experience maintaining POA&M.
- Knowledge of incident response life cycle and steps.
- Knowledge of TCP/IP protocols, network analysis, and network/security applications.
- Excellent written and oral communication skills.
- Initiative-taking and able to work in an independent manner.
Additional Criteria
- Relevant certifications (e.g., CISA, CISSP, CRISC) are a plus.
- Knowledge of: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions