Cybersecurity Analyst

at  NVA

REQUIREMENTS

The Cybersecurity Analyst must meet the following requirements:

• Knowledge of network infrastructure, including routers, switches, firewalls, and associated network protocols and concepts
• Knowledge of IT infrastructure, including Servers, workstations, windows, macOS, Linux operating systems, virtualization, cloud infrastructure, and mobile device management
• Knowledge of cybersecurity principles, including risk assessment and management, least privilege, threat and vulnerability management, encryption, EDR solutions, SIEM, secure email gateways, incident response, defense in depth, and identity and access management
• Strong problem-solving and troubleshooting skills
• Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner
• An understanding of NVA’s organizational mission, values and goals, and an ability to consistent apply this knowledge
• An understanding of business needs and a commitment to delivering high-quality, prompt, and efficient service to the business
• Ability to work on several tasks simultaneously and pay attention to sources of information from internal and external resources (e.g., NIST, PCI, vendor alerts, security bulletins, etc.)
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
• Has good judgment and a sense of urgency, and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service, and business integrity
• Willingness to learn and take on new challenges

Education/Experience: B.S. in Business, Computer Science, Information Security, or related field plus two or more years of security experience or four or more years of IT or network security specific work experience. Prior experience working in risk management, governance, and regulatory requirements related to cybersecurity is strongly desired.
Preferred Certifications: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), GIAC Security Essentials (GSEC)
NVA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information. This role is not eligible for visa sponsorship. Hiring is contingent on candidate verifying their eligibility to work in the United States and passing a complete background check and drug screen.
Compensation: The total compensation range for this position is between $95,000-$107,000 and is eligible for benefits.
This role is not open to receiving agency candidates and any contingent submissions will not be honored.

This position will have the following responsibilities:

• Monitors emerging threats coming from multiple sources to aid in proactive identification of potential vulnerabilities
• Identifies, reports, and tracks resolution of security violations
• Identifies and follows through on opportunities for remediating or mitigating risks and assessing the residual risk
• Maintains and promotes policies, procedures, standards, and other documented processes
• Drives governance and risk activities to include tracking and reporting
• Participates in evaluation, remediation, and progression of security controls in line with compliance frameworks
• Collaborates with the CyberSecurity and Technology Risk team, the Technology Services team, and other departments to educate and incorporate security into business processes
• Maintains strong working relationships with individuals and groups involved in managing information risks across the organization
• Writes comprehensive reports including assessment-based findings, outcomes, and propositions for further security enhancements
• Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery testing, publishing test results, and making changes necessary to address deficiencies