Start Date
Immediate
Expiry Date
16 Oct, 25
Salary
57938.45
Posted On
17 Jul, 25
Experience
2 year(s) or above
Remote Job
Yes
Telecommute
Yes
Sponsor Visa
No
Skills
Java, Risk Analysis, Information Security, Communication Protocols, Linux, Servers, Information Risk, Manual Handling, Communication Skills, Perl, Mysql, Connectivity, Python, Database, Octave, Business Continuity, Software, Drug Testing, Factor Analysis, Addition
Industry
Information Technology/IT
POSITION SUMMARY:
The Security Risk Analyst, under the direction of the Director of IT Security, is responsible for identifying, analyzing, and mitigating potential cyber security risks within and across all of the Tribe’s divisions including, government, health, gaming & hospitality and other enterprises. As part of the Security team, this position will participate in many cyber security activities, but will have a primary focus on risk identification and mitigation. Leading the regular functions and activities related to vulnerability identification and penetration testing, the Security Risk Analyst will analyze findings and report those to the proper IT management team members along with recommendations for mitigation.
ESSENTIAL FUNCTIONS: (includes, but is not limited to, the following)
PHYSICAL REQUIREMENTS:
Position medium with lifting of 50 pounds maximum. Physical factors include constant use of near vision and typing; frequent walking, sitting, kneeling, use of midrange/color vision; and occasional standing carrying, lifting, pushing/pulling, climbing, stooping, crawling, reaching, manual handling, use of hearing, smell and far vision, depth perception and field of vision, typing and bending. Working conditions include occasional exposure to extreme cold and noise. Potential hazards include frequent computer and equipment use and occasional exposure to moving mechanic parts, electric shock, client contact and medical equipment.
REQUIREMENTS:
Education: Associate’s Degree in Computer Science, Computer Information Systems Management or Technology related field required or three years of IT experience may be considered in lieu of a degree.
Experience: Two years of experience in cybersecurity including but not limited to compliance, threat detection, vulnerability analysis, and penetration testing required in addition to the above-stated education requirements.
Certification/License: Must undergo a Criminal Background Investigation done under the rules of the National Indian Gaming Commission. Must have a valid driver’s license and be insurable by the Sault Tribe Insurance Department. Must comply with annual driver’s license review and insurability standards with the Sault Tribe Insurance Department. Will be required to complete and pass pre-employment drug testing.
Knowledge, Skills and Abilities: Strong technical knowledge of common core business IT systems, infrastructure, wide-area-networks, internet communications and connectivity, websites and backup and storage systems. Skilled in network and system penetration testing, threat and vulnerability monitoring and analysis and risk analysis. Knowledge of Microsoft Active Directory, Microsoft Windows, servers and databases and communication protocols. Knowledge of IP based networks hardware and communication preferred. Knowledge of Business Continuity and Data System Security required. Knowledge of PERL, Java, HTML, MySQL, python, Web Application Programming and Linux preferred. Understanding of fundamental concepts in information security including confidentiality, integrity, and availability (CIA triad), risk assessment methodologies, threat modeling, and defense-in-depth strategies. Knowledge of current and emerging cyber threats, attack vectors, and malware trends. Understanding of threat actors, their motivations, and tactics, techniques, and procedures (TTPs). Familiarity with relevant regulatory requirements such as GDPR, HIPAA, PCI-DSS, MICS, CJIS and industry standards like ISO 27001/2. Understanding of legal and compliance frameworks applicable to data protection and privacy. Proficiency in risk assessment methodologies such as NIST SP 800-30, FAIR (Factor Analysis of Information Risk), and OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation). Knowledge of vulnerability assessment tools and techniques. Understanding of common vulnerabilities and exposures (CVEs), vulnerability databases, and patch management processes. Familiarity with various security technologies including firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus solutions, encryption techniques, secure network architecture, and security information and event management (SIEM) systems. Must have organizational skills and be able to plan, prioritize and manage workload to meet goals in a timely manner. Must have excellent communication skills and be able to communicate clearly in person, in writing, and by telephone and email. Strong problem-solving skills required. Must be able to establish and maintain effective communication with co-workers, supervisors and the general public. Must be able to use word processing, spreadsheet, presentation and database software. Must be able to work extended hours when needed. Must be flexible and available to work various shifts, including nights, weekends and holidays. Position requires being on-call based on business needs. Must maintain strict confidentiality. Native American preferred.
Powered by ExactHire:182p97kyp6o0xlv3em5
ESSENTIAL FUNCTIONS: (includes, but is not limited to, the following)