Information Security Analyst

This role is primarily responsible for executing the tactical and strategic initiatives of the Information Security team to include programs such as risk and vulnerability management incident response security architecture and thirdparty vendor management. Work is typically assigned by the Information Security Manager although the Information Security Analyst is expected to operate with minimal oversight and be able to identify areas of opportunity to get involved with information security tasks and initiatives. The ideal candidate would be comfortable working in a fastpaced environment excel at communicating to technical and nontechnical staff be capable of switching between tasks as situations and criticality arise and be passionate about learning and continuous education.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned.

• Execute on security strategy as defined by the Information Security Manager.
• Take ownership of the Firms Vulnerability Management Program working with crossfunctional teams to identify manage and mitigate security vulnerabilities across the Firm.
• Assist with the administration of the Firms Vendor Risk Management process including analyzing and responding to thirdparty risk assessments.
• Monitor and respond to information security alerts and notifications (IDS/IPS SIEM AV/EDR etc..
• Collaborate and advise on IT projects to ensure security issues are addressed throughout the project life cycle.
• Assist other IT teams in developing and employing security solutions across various applications and product platforms.
• Administer and utilize various endpoint and network security tools such as antivirus/EDR SIEM Firewall or other comparable advanced detection and response tools.
• Administer and utilize vulnerability scanning packet analysis and exploitation tools such as Nessus nmap Wireshark tcpdump Metasploit or similar technologies.
• Design review and aid with implementation of secure networks and system architecture (ex. network topology reviews firewall ruleset reviews minimum security baselines etc..
• Design review and administer Azure cloud security controls and architecture including auditing Azure cloud environments.
• Utilize scripting languages such as PowerShell and Python.
• Apply appropriate controls referenced in various security frameworks and standards such as ISO27001:2013 NIST 80053 CIS Top 20 Controls etc.
• Monitor and secure Microsoft client and server systems along with Fortinet (or comparable) network devices.
• Assist with the management and maintenance of user security policy education training and awareness programs.
• Conduct security research to stay abreast of latest security issues including laws and regulations which may affect the Firm.
• Other duties as requested and assigned.

QUALIFICATION REQUIREMENTS: To perform this job successfully an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

EDUCATION/EXPERIENCE:

• Bachelors Degree in Computer Science Management Information Systems or related field with a minimum of 57 years of experience in Information Technology including 35 years of experience in Information Security with two or more of the following domains: Windows Systems Administration UNIX/Linux Systems Administration Networking Access Control Incident Response and Information & Data Security.
• Preferred Certifications:
  • Certified Information Systems Security Professional (CISSP)
  • GIAC GSEC GCIH GCIA GCWN or equivalent certification
  • CompTIA Security CySA Network CASP or equivalent certification

TECHNICAL SKILLS:

• Demonstrated proficiency in Microsoft Office Suite including Word Outlook Excel and PowerPoint.
• Proven aptitude to learn new software applications.

LANGUAGE SKILLS:

• Very strong communication skills both written and oral. Excellent interpersonal communication skills necessary to maintain effective relationships with staff trusted thirdparty partners attorneys and clients. Establish credibility with staff and attorney base through quality work and communications that bring to bear the right mix of confidence tact persistence and reliability. Written communications must be concise professional and accurate.

MATHEMATICAL SKILLS:

• Ability to add subtract multiply and divide in all units of measure using whole numbers common fractions and decimals.

REASONING ABILITY:

• Ability to apply common sense understanding to carry out instructions furnished in written oral or diagram form.
• Ability to deal with problems involving several concrete variables in standardized situations.
• Ability to define problems collect data establish facts and draw valid conclusions.
• Ability to interpret an extensive variety of instructions and deal with several abstract and concrete variables.
• Exhibit independent thinking and decision making.
• Ability to interpret an extensive variety of instructions in mathematical or diagram form and deal with several abstract and concrete variables.
• Ability to think strategically develop tactics and execute pragmatically.

OTHER SKILLS and ABILITIES:

• Excellent organizational and planning skills with ability to prioritize multiple tasks and projects to meet deadlines.
• Ability to work under pressure in a fastpaced environment with demanding individuals.
• Strong analytical and organizational skills with a tolerance for uncertainty and an ability to prioritize and complete simultaneous projects with minimal supervision.
• Outstanding creativity; flexibility and persistence; motivation and energy with the ability to work with little supervision and collaborate with other members of the team.
• Ability to work overtime when needed. Work occasionally requires more than 40 hours per week to perform the essential duties of the position.
• A tolerance for uncertainty and an ability to prioritize and complete simultaneous projects with minimal supervision.
• Thorough understanding of technologies that can be applied to firm operations and enhance working efficiency.
• Ability to exercise discretion with confidential and sensitive information.

PHYSICAL DEMANDS: The physical demands described here are representative of those that should be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• While performing the duties of this job the employee is regularly required to sit; use hands to finger handle or feel objects documents books pen/pencil paper controls and manipulate a keyboard and input data into a PC; and talk or hear. The employee is frequently required to walk.
• The employee is occasionally required to use hands to prepare correspondence and reports on a personal computer.
• The employee is occasionally required to stand and reach with hands and arms. And stoop kneel bend crouch or crawl.
• Ability to operate a variety of standard office equipment including a computer copy and facsimile machines.
• The employee must occasionally lift and/or move up to 25 pounds.
• Specific vision abilities required by this job include close vision distance vision peripheral vision depth perception and the ability to adjust focus.

WORK ENVIRONMENT: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• The noise level in the work environment is usually moderate.

Baker & Hostetler LLP is an Equal Opportunity Employer.

#LIRemote

Required Experience:

IC