Job Description Redtech is helping our client with a
Direct Hire search for a
Senior IT Security Analyst. Location - Tacoma, WA Local candidates only, no 3rd parties.
Schedule - Flexible/Hybrid - 2 days per week onsite. Tuesday & Wednesdays (potential for additional days pending project specifics and deadlines)
Full time hours - 40/week - Must be available to work any combination of days and hours as needed, including weekends and holidays, and availability for 24-hour on-call status when required. Must be willing to travel to attend trade shows or training classes on an infrequent basis; may be required to work outside of regular business hours on an infrequent basis.
Estimated Start Date ASAP Anticipated Starting Salary range - target salary is approx. $140,000 target. Full range is $107K-$170K depending on qualification
Benefits - (all are based on eligibility)
Our CLIENT is proud to offer an excellent benefits package. This includes medical, prescription, vision and dental with no out-of-pocket premiums and full coverage for employee, spouse, and all eligible dependents. In addition, CLIENT offers vacation, paid holidays, sick leave, bereavement leave, paid parental leave, participation in the Washington State Public Employees' Retirement System (PERS) and a Company-funded Voluntary Employee Beneficiary Association (VEBA) account for out-of-pocket health related expenses for employees and their eligible dependents. The benefits package is valued between 45%-55% of base salary.
The successful candidate must possess (or obtain within 30 days of employment) a valid driver's license. Candidate must also be able to obtain/maintain a Transportation Worker Identification Credential (TWIC), which is a program managed by the Department of Homeland Security (DHS).
Job Description: The Senior IT Security Analyst is focused on safeguarding the organization's technology from risks and attacks. They play a crucial role in protecting the technology from unauthorized access, threats, and vulnerabilities. This role involves monitoring, detecting, investigating, analyzing, and responding to security events. Additionally, they will implement and maintain defensive measures using cybersecurity systems, tools and best practices.
ESSENTIAL FUNCTIONS What are the primary functions or essential duties of this position?
1. Securing the CLIENT's Technology: - Oversee access, identify suspicious activity, and recommend solutions to reduce risk and prevent cyberattacks
- Partner with other IT team members to secure networks, systems, applications, and sensitive information by ensuring that best practices are followed.
- Continuous development and use of modern security controls to protect the CLIENT's endpoints
- Timely communication regarding security issues to peers and management
- Validate security software and firmware updates are installed and current on all networks and systems
2. Performing Security Assessments: - Identify, assess and prioritize system vulnerabilities for timely remediation
- Assess and prioritize potential risks and their impacts on organizational assets
- Conduct or lead third parties through simulated attacks to identify and address security weaknesses
- Assess regulations and standards through regular audits and corrective actions
- Provide input on security policies from assessments to address current threats and recommendations for organizational alignment
3. Cybersecurity Incident Response and Disaster Recovery Planning: - Respond to security incidents, including containment, eradication, and recovery efforts
- Timely communications and activation of Incident Response Team
- Conduct post-incident analysis to determine root cause and preventative measures
- Maintain and update incident response documentation and tools
- Plan annual Cybersecurity Incident Response and Disaster Recovery Tabletop exercises
- Evaluate and update disaster recovery plans based on lessons learned and actual incidents
4. Education, Audit and Compliance: - Maintain and advance security awareness, phish testing and specialized training for employees
- Contribute to Informing staff about new security threats, policies, and procedures through regular updates and educational materials
- Conduct internal security audits, support external auditors, and ensure audit findings are addressed
- Track and maintain all audit recommendations and report on remediation progress
- Stay current with relevant laws, regulations, and industry standards, and assist in the development of policies to ensure compliance
- Consult on security policies and procedures and alignment with compliance requirements
5. Managing Business and Vendor Partnerships: - Establish and sustain effective working relationships with internal IT teams and business partners
- Collaborate with partner organizations
- Supervise and maintain relationships with the CLIENT's Cybersecurity vendors, specifically for:
- Managed Services
- Annual penetration testing
- Annual security performance audits
- Annual incident response (IR) and disaster recovery (DR) tabletop exercises
- Various annual government and military assessments and audits
6. Governance and Risk Management: - Develop, update, evaluate, and help implement security policies, standards, and procedures to ensure they are in line with organizational objectives and regulatory mandates.
- Partner with stake holders to assist in the implementation and maintenance of a governance framework to oversee security initiatives, ensuring they are effectively managed and integrated across the organization
- Partner with the Cybersecurity Oversight Committee to discuss risk, remediation and oversight (monthly)
- Conduct regular risk assessments and analyses to identify, evaluate, and prioritize potential security threats and vulnerabilities
- Develop and implement risk mitigation strategies and controls, and continuously monitor and report on the effectiveness of these measures
Knowledge • Demonstrated knowledge of security protocols, incident response, threat analysis, vulnerability assessment, and security technologies.
• Knowledge and familiarity in NIST CSF 1.1+ and related cybersecurity standards, protocols, and regulations.
• Familiarity with security technologies, firewalls, IDS/IPS, antivirus, encryption, and vulnerability management tools.
• Knowledge of incident response processes, disaster recovery planning, and post-incident analysis
• Understanding of GRC frameworks to ensure the organization meets regulatory requirements and industry best practices.
• Awareness of how to develop, evaluate, and implement security policies and procedures in alignment with organizational goals and regulatory mandates.
• Knowledge of managing relationships with cybersecurity vendors and collaborating with external partners like government agencies and other relevant organizations.
Skills • Skill in conducting risk assessments, identifying vulnerabilities, prioritizing remediation efforts to mitigate security risks.
• Advanced ability to perform technical security assessments, including vulnerability scanning, penetration testing, and threat analysis.
• Strong communication skills, both written and verbal, to effectively convey security issues, policies, and procedures to various stakeholders, including non-technical audiences.
• Proficiency in coordinating and executing incident response plans, including containment, eradication, and recovery, as well as conducting root cause analysis.
• Expertise in conducting internal security audits, supporting external audits, and ensuring compliance with laws, regulations, and industry standards.
• Skill in staying updated with the latest cybersecurity threats, technologies, and best practices, and applying this knowledge to the organization's security posture.
Abilities • Ability to analyze complex security incidents, assess the impact, and develop effective solutions to address vulnerabilities.
• Ability to work with cross-functional teams, including management, and external partners, to achieve security objectives.
• Capability to lead security initiatives, mentor, and influence stakeholders to adopt best practices in cybersecurity.
• Ability to monitor systems, detect suspicious activities, and ensure all security measures are implemented and maintained accurately.
• Ability to make timely, informed decisions in high-pressure situations, particularly during security incidents or breaches.
• Skill in managing cybersecurity projects, planning, and execution, to ensure they are completed on time and within scope.
EDUCATION & EXPERIENCE REQUIREMENTS Bachelor's degree in cybersecurity, computer science or information technology or related field and a minimum five (5) years progressively responsible Cybersecurity experience in risk management, governance, audit and compliance. An additional four (4) years' experience in Cybersecurity can substitute for a bachelor's degree.
Experience working with the NIST CSF 1.1 or greater preferred.
Professional Certifications Preferred: • CCSP: Certified Cloud Security Professional (or related industry security certs)
• CEH: Certified Ethical Hacker . click apply for full job details