The core responsibilities of this position are as follows:
• Security Alerts Review and Analysis
- Conduct detailed first-level analysis of security alerts generated by SIEM tools, endpoint protection, and other security systems to identify potential threats.
- Prioritize alerts based on severity, impact, and urgency to ensure that critical issues are escalated and addressed promptly.
- Use threat intelligence platforms and databases to correlate alerts with known security threats, vulnerabilities, and incidents.
• Incident Escalation and Support
- Work closely with the Incident Manager and Security Engineers to provide actionable intelligence and support for escalated security incidents.
- Assist the Incident Manager by ensuring the initial findings provide enough information to document incident details, analysis findings, and the steps taken for resolution, so that they contribute to post-incident reviews, knowledge sharing, and continuous improvement in cybersecurity efforts.
- Assist in developing and refining incident response protocols and procedures to improve response times and outcomes.
• Application Access Audits and Monitoring
- Regularly perform audits of application access controls and permissions, especially for applications utilizing role-based authentication (e.g., Financial, HR, Personnel systems) to ensure compliance with organizational policies and standards.
- Identify and report unauthorized access attempts or policy violations, suggesting improvements to access controls and policies.
- Collaborate with IT administrators and business unit managers to ensure appropriate application access levels are maintained according to job roles and responsibilities.
• Security Awareness and Training
- Ensure that security awareness training materials focus on application access best practices, password management, and recognizing phishing attempts and other social engineering tactics.
- Assess the effectiveness of the training across the territory and organize training sessions for employees across various departments (e.g., ARCC, Finance, CRD, HR) relevant to the sensitive data they handle, ensuring they understand their roles in maintaining cybersecurity.
- Stay informed about new security awareness training methods and technologies to enhance the effectiveness of training programs.
• Compliance and Best Practices Implementation
- Ensure all cybersecurity practices and protocols adhere to relevant regulatory and compliance standards (e.g., NYSHIELD, GDPR, HIPAA, PCI-DSS).
- Assist in reviewing and updating security policies and procedures to align with best practices and compliance requirements.
- Assist the Information Security Director by participating in internal and external audits, providing necessary documentation and evidence of compliance where warranted.
• Threat Intelligence and Research
- Actively follow cybersecurity news, trends, and threat intelligence reports to stay ahead of the organization's potential security threats.
- Contribute to internal threat intelligence by analyzing and summarizing current threats, vulnerabilities, and attack methodologies.
- Engage with cybersecurity communities and forums to exchange knowledge and stay informed about emerging cybersecurity technologies and practices.
• Tools and Technologies Management
- Assist in evaluating, selecting, and deploying cybersecurity tools and technologies that enhance the organization's security posture.
- Where relevant to the role, ensure proper configuration, maintenance, and update of security tools to optimize their effectiveness and efficiency.