IT Security Analyst in Monrovia, CA at Ducommun

Date Posted: 5/29/2020

Job Description

Job Summary & Essential Functions:

The IT Security Analyst is responsible for supporting network monitoring, preventative and detective controls, forensics and investigations, security awareness, security vulnerability management and cyber threat intelligence activities.  The incumbent will work with all business functions to support security awareness and compliance. The Security Analyst will be tasked with supporting the Security/Network Operations Center (SOC) which is required for future CMMC compliance.

Standard Essential Functions

% of Time

 

• Assess, triage and prioritize security alerts from logging and monitoring systems.

• Identify, triage, and remediate threats based on threat intelligence as well as active analysis of log data. Investigate and communicate with peers on the risk posed by these threats. Report on findings from investigations and incidents to the broader organization as necessary.

• Help to create and operate the SOC playbook to protect Ducommun people, missions, and assets.

• Evaluate system, application, and user data for adherence to organizational policies and procedures.

• Apply critical thinking to all activities and actions, in pursuit of Ducommun and Information Security goals.

• Assess newly published vulnerabilities and attacker Tactics, Techniques and Procedures (TTPs) to identify possible defensive measures to locate and stop threat actors.

• Contributes to tool optimization and automation initiatives to streamline analysis and response workflows.

% of Time: 50%

• Oversee configuration management of assigned systems; auditing systems to ensure security posture integrity.

• Support assessments and test/analysis data to document state of compliance with security requirements.

• Conduct risk assessments and investigations, execute appropriate risk mitigations, and oversee incident response activities.

• Conducts periodic hardware/software inventory assessments.

• Interfaces with the appropriate internal departments, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements.

• Provides guidance and coaching to support team within Information Security.

• Manages and performs security compliance continuous monitoring.

• Prepares, reviews, and presents technical reports and briefings.

• Identifies root causes, prioritizes threats and recommends and/or implements corrective action.

• Explores the enterprise and industry for evolving state of industry knowledge and methods regarding information security best practices.

• Supports development of enterprise-wide information security policies, standards, guidelines and procedures that may reach across multiple stakeholder organizations.

% of Time: 25%

• Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.

• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.

• Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.

• Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

% of Time: 20%

• Responsible for the proper handling and management of hazardous waste generated in their work area.

• Performs other duties as assigned including leading projects and participation in project committees.

% of Time: 5%

Skills & Qualifications

Required Education and Experience

 

• A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.

• 1-2 years experience in IT security analysis and management.

• 3 years experience in the Defense Industry.

Required Licenses / Certifications

 

• CMMC – Cybersecurity Maturity Model Certification – preferred.

• COBIT – Control Objectives for Information and Organization - framework certification preferred.

• ITIL certification / training preferred.

Required Knowledge, Skills and Capabilities

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skills, qualifications, competencies, abilities and any physical demands if required. Physical demands are representative of those that must be met by an employee to successfully perform the essential requirements of this job.

 

• Understanding of the business impact of security tools, technologies and policies.

• Guide IT infrastructure personnel, and work with minimal supervision.

• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel.

• In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.

• Understanding of information security concepts, protocols, industry best practices and strategies.

• Experience working with legal, audit and compliance staff.

• Experience administering policies, procedures, standards and guidelines.

• Develop skills in common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks, DFARS standards, and the CMMC.

• Understanding of security architecture and plans, including strategic, tactical and project plans.

• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.

• An understanding of operating system internals and network protocols.

• Experience in system technology security testing (vulnerability scanning and penetration testing).

• 15% local travel (So Cal), 10% other travel

Physical Demands

These are the essential physical demands for this position. Reasonable accommodations may be requested directly with the Human Resources Department. This section can be modified to meet the needs of the specific location assigned.

Work Environment (greater than 51% of time spent is in what type of environment):

Physical Abilities (Frequency)

• Stand: Frequently

• Walk: Frequently

• Sit: Continuously

• Climb: Occasionally

• Crawl: Occasionally

• Squat or Kneel: Occasionally

• Bend: Occasionally

• Fine Manipulation: Occasionally

• Reach Outward: Occasionally

• Reach Above Shoulder: Occasionally

• Drive: Occasionally

Lift / Carry Requirements (Frequency)

• 10 lbs or less: Frequently

• 11-20 lbs: Occasionally

• 21-50 lbs: Occasionally

• 51-100 lbs: N/A

• Over 100 lbs: N/A

Push/Pull Requirements (Frequency)

• 10 lbs or less: Frequently

• 11-20 lbs: Occasionally

• 21-50 lbs: Occasionally

• 51-100 lbs: N/A

• Over 100 lbs: N/A

Definitions:

N/A (Not Applicable) - Activity is not applicable to this occupation

Occasionally - Occupation requires this activity up to 33% of the time (.25 - 2.5 hrs/day)

Frequently - Occupation requires this activity from 33% - 66% of the time (2.5 - 5.5 hrs/day)

Continuously - Occupation requires this activity more than 66% of the time (5.5+ hrs/day)

Equal Opportunity Employer Veterans/Disabled


801 Royal Oaks
Monrovia, California, 91016
United States