Job Description

Security Analyst
Job Number: 21-16507
Use your skills where innovative technology solutions begin. Eclaro is looking for a Security Analyst for our client in Chestertown, MD. 
Eclaro’s client is a leading technology solutions provider, collaborating with customers to manage their needs and achieve success in their business goals. If you’re up to the challenge, then take a chance at this rewarding opportunity!
Position Overview:
  • Provide a high level summary of the job. Include minimum years of specific experience needed.
  • Keep in mind, this is how you're selling the job to potential candidates.
  • As a Compliance Technical Advisor and System Administrator, the Cyber Security Analyst will perform IT control and privacy/compliance regulatory assessments and remediations on all networks and systems.
  • Tasks will be highly technical, requiring an excellent understanding of security technologies and strategies.
  • The Cyber Security Analyst will oversee compliance and regulation requirements as well as protect the integrity of all aspects of IT.
  • Monitor overall network for weaknesses and remediate potential risks by performing internal and external penetration testing.
  • This position has ownership and accountability for implementing all highly technical cyber strategic and operational activities related to the NIST framework, GDPR, CIS controls and CMMC requirements.
  • Position functions within the Cyber Security & Compliance section of IT and will have collaborative interations with Legal, NetOps, Help Desk and the international businesses.
  • Work of this class has no supervisory duties but is included in all IT projects and is a member of the Change Advisory Board (CAB).
  • Defines standards and technical controls required by CMMC, CUI data handling, NIST framework and CIS controls.
  • Audit's systems to ensure proper compliance and controls are in place where needed. i.e. endpoint encryption, inventory, patching, remote wiping, account provisioning, etc.
  • Oversee state and federal compliance and regulation requirements.
  • Provide technical writing for system documentation. Compose and maintain all IT related policies and procedures.
  • Assist with the creation, maintenance, and delivery of Employee Cyber Security Awareness program Cyber Security Controls
  • Research/evaluate emerging cyber security threats and ways to manage them. Investigate security alerts.
  • Follow the change management process to secure the overall IT infrastructure. i.e. Active Directory, Operating systems, hardware firmware, IoT devices, network traffic, etc.
  • Maintain a risk matrix to help prioritize cyber initiatives and maintain a cyber roadmap with associated budgetary costs.
  • Provide strategic and technical recommendations following identification of vulnerabilities in operating systems, applications, and network infrastructure. Oversight and hands on implementation to remediate vulnerabilities required.
  • Implement, oversee and support security solution capabilities, such as firewalls, intrusion prevention and detection, endpoint protection, data encryption, SIEM, and traffic filtering.
  • Understand and have accurate inventory of all IT assets to evaluate security controls and recommend corrective actions to mitigate technical risks.
  • Prepare and deliver reports outlining test results and present to technical and non-technical staff. i.e. measurable cyber maturing metrics and operational performance activities.
  • Develop, recommend, and maintain methodologies and tools to enhance the cyber maturity model.
  • Own the overall IT security posture to include composing comprehensive Business Resumption Plan, Disaster Recovery Plan, Security Awareness Plan and IT Security Incident Handling Plan, etc.
  • Proactively monitor all IT assets for security breaches and follow the major incident plan if needed. Monitor data flows on the network.
  • Schedule and perform frequent testing and simulate cyber-attacks. i.e. plan for disaster recovery and create contingency plans in the event of any security breaches
  • Analyze high volume of logs to monitor activity and investigate potential malicious activity.
  • Protect and secure the cloud datacenter model to include various vendor hosted SaaS offerings.
  • Perform other duties as assigned
Required Skills:
  • Competencies: List the technical/professional skillset and actual behaviors needed to successfully perform the job.
  • Think about knowledge, skills, abilities and other attributes required for the role.
  • Excellent analytical and problem-solving skills
  • Excellent attention to detail
  • Understanding of Active Directory
  • A passion for Service Management
  • Able to work under pressure in a fast-paced environment and meet deadlines
  • Able to manage sensitive and confidential information
  • Self-motivation and able to take ownership and responsibility
  • Results oriented with continuous improvement focus
  • Manage priorities and efficient time management
  • Demonstrate initiative and proactive approach to daily tasks
  • Risk based decision making (risk analysis, mitigation, resolution, etc.) skills
  • Strong communication skills for both technical and non-technical audiences with focus on customer service
  • Strong knowledge of IT software and hardware
  • ITSM tool experience
  • Extensive knowledge of Microsoft desktop and server Operating Systems, VMware and networking protocols
  • Excellent analytical and problem-solving skills.
  • Excellent understanding of web applications, servers, frameworks and protocols.
  • Ability to identify/remediate security weaknesses as well as perform live packet capturing for troubleshooting, i.e. identify bottlenecks and performance issues.
  • Extensive knowledge of infrastructure and application security technologies to include cloud services.
  • Five (5) or more years' experience of direct IT security experience.
  • CMMC, GDPR, PCI knowledge as well as understanding of NIST requirements.
  • CEH, CISA, CISSP and/or Security+ certification preferred
  • Sonicwall firewall experience preferred.
If interested, you may contact:
Tim Cusick
Tim Cusick | LinkedIn
Equal Opportunity Employer: Eclaro values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online