Internal Security, Senior Analyst
Description
Summary:
Internal Security, Senior Analysts will work for Cybersecurity's data protection program in a critical role designed to help protect and defend against the loss of Huntington’s most critical data and the misuse and/or abuse of Huntington’s Corporate systems and information. In this position of high trust, the Data Protection Analyst will triage myriad developing scenarios alerts related to protection of intellectual property and the security of Huntington’s most critical assets. The analyst will become a subject matter expert and play an important role in testing and evaluating new processes designed to help improve visibility into potential gaps in the current operating environment where warranted.
Strong Business competencies:
- MS Office (Word, Excel, PowerPoint)
- Excellent communication skills (writing reports for management/senior management, presenting to small groups/forums, etc)
- Multi-tasking effectively in fast pace environment
- Advanced analytical problem solving
- Cross team or system data collection, correlation and analysis
Leadership:
- Independently identify and document programmatic or technological issues
- Independently make recommendations for process improvement
Intermediate and hands-on working knowledge of:
- Networking Fundamentals (OSI & OWASP Models, TCP/IP, Interconnecting Network Devices, SSH, SSL/TLS Encrypted Communications, X.509 Certificate Management, Kerberos, SMTP, HTTP/HTTPS)
- Data Privacy Fundamentals (Familiarity with Data Privacy Laws and Regulations, Understanding of Personal Identifiable Information (PII) protection, Basic understanding of Privacy Breach reporting/impact analysis)
- Cyber Security Fundamentals (Familiarity with key concepts of Vulnerability Management, Network Security/Secure Transmission Management, Data Loss Prevention, Identity Access Management, Incident Response, IT Risk Management)
- IT Infrastructure Fundamentals (Familiarity with key concepts of IT Infrastructure: Client/Server, Middleware services, 3 tiered architecture (Web/Middleware/Server & Databases), Databases, Cloud Services (IaaS, PaaS, SaaS))
Duties & Responsibilities:
- Execute and Support the Internal Security domain operational procedures (communication and tracking).
- Participate in creating / maintaining Internal Security policies and standards.
- Assist in the generation and publication of Internal Security KPI/KRI metrics.
- Document activities in accordance with Agile Project Management methodology (Backlog activity, Change Mgmt, Sprint activity planning, etc...)
- Support and independently execute both scheduled engineering build/configuration events as well as incident (break/fix) events including 24x7 support.
- Works closely with the other cyber and IT/TIPS teams, and various lines of business to mitigate risk.
- Identify and drive process improvement within Internal Security program, including identifying new sources for implementation of appropriate Data Protection controls and technologies.
Basic Qualifications:
- Associates or Bachelor’s Degree in IT Security, Risk Management or Computer Science discipline (military service may qualify)
- 3-5 years experience in Cyber Security background
- 1-2 years experience in Data Protection, Network Security or Incident Response background including experience with the following technologies (DLP, Encryption Hardware/HSMs, Public Key Infrastructure (PKI), Windows Server Administration, TLS/SSL Certificate Management, Venafi, OpenSSL, Data Tokenization).
Preferred Qualifications:
- Active Security Certification: Security+; Network+; CISSP; GCTI; CEH; GSEC; CCNA
- Intermediate programming skills (read/interpret scripts, composing basic scripts) with any of the following languages: Python, Powershell, Java, Java Script, SQL, JSON, or equivalent
- Direct hands-on experience with Cyber Security organization supporting related technologies or services in Data Protection areas
- Experienced proficiency with troubleshooting moderately complex IT infrastructure/Server/Networking issues
- Experienced proficiency with technical system maintenance (Patch management, configuration management, design documentation management)
- Ability to communicate effectively clearly and concisely verbally and through technical writing
- Understanding of security architecture and tools which can be leveraged for threat mitigation
Exempt Status: Yes (not eligible for overtime pay)
Workplace Type: Hybrid
Huntington is an equal opportunity and affirmative action employer and is committed to providing equal employment opportunities for all regardless of race, color, religion, sex, national origin, age, disability, sexual orientation, veteran status, gender identity and expression, genetic information, or any other basis protected by local, state, or federal law.
#J-18808-Ljbffr
