|Preferred GIAC Certifications||GCIA, GCIH, GMON, GSEC|
Senior Information Security Analyst (664-2017)
Information Technology Corvallis or Portland, United States
POSITION SUMMARY: The Senior Information Security Analyst will work on all aspects of information security at NuScale. They are responsible for securing information in all its forms and reducing risk as it relates to NuScale’s data, facilities, and personnel. This includes design, policy, operations, strategy, development, training, and incident response.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Develop, implement, and monitor company-wide information security policies, procedures, standards, and baselines in support of critical business processes to insure NuScale has protection in depth.
Administer and maintain core information security infrastructure, various encryption products, various APT detection and prevention products, and other infrastructure as needed.
Collaborate across the organization to ensure the needs of relevant stakeholders are addressed.
Monitor advanced tools and analyze the data to detect and prevent possible data breaches. Prepare reports as needed on security incidents.
Continuously improve information security at NuScale through research, testing, and implementation of new technologies, tools, and improvements to existing tools, processes, or designs.
Initiate, plan, and lead core information security projects to support NuScale’s rapid growth.
Promote security awareness and security education via interaction with NuScale staff. Help create and present security education and awareness programs.
Serve on the NuScale Incident Response team to quickly identify, contain, analyze, remediate, and document security incidents.
Perform scheduled Red Team / Blue Team tests to verify NuScale’s security posture.
Position is a full-time salaried position with routine work schedule (business hours, M-F). Some on-call or after hours work may be required with advance notice.
Performs other duties as assigned.
CORE COMPETENCIES: To perform the job successfully, the individual should demonstrate competencies in performing the essential functions of this position by performing satisfactorily in each of these competencies.
Problem solving: Identifies and resolves problems in a timely manner, gathers and reviews information appropriately. Uses own judgment and acts independently; seeks input from other team members as appropriate for complex or sensitive situations. Ability to resolve problems at correct level.
Oral/written communication: Listens carefully and speaks clearly and professionally in all situations. Edits work for accuracy and clarity; is able to create, read and interpret complex written information. Must be able to effectively advise all levels of staff. Ability to develop strong interpersonal networks within the organization. Must be able to form, lead, and facilitate teams of people to meet goals.
Planning/organizing: Prioritizes and plans work activities, organizes personal and project timelines and deadlines, tracks project timelines and deadlines, and uses time efficiently.
Adaptability: Adapts to changes in the work environment, manages competing demands and is able to deal with frequent interruptions, changes, delays, or unexpected events. Must be able to identify both tactical and strategic approaches to various needs.
Dependability: Consistently on time and at work, responds to management expectations and solicits feedback to improve performance. Must be able to manage time and work various hours as needed to meet the goals of the company.
Team Building: Capable of developing strong interpersonal networks and trust within the organization. Leads consensus by involving all stakeholders, facilitating their understanding of differences, agreeing on requirements and constraints, and developing the best solution.
Security Conscious: Observes security procedures and is expected to model security consciousness and train users.
Safety Culture: Adheres to the NuScale Safety culture and is expected to model safe behavior and influence peers to meet high standards.
MINIMUM SKILLS, QUALIFICATIONS AND ABILITIES:
Education: A minimum of a B.S. degree in Computer Science from a four year accredited college/university or 10 years related experience in lieu of degree. A CISSP or GSEC certification count as five years of experience.
Experience: A minimum of ten years’ experience in complex IT and security environments. This includes direct experience working on company-wide security strategy and policy. Direct experience with design, implementation and auditing of security controls to meet company strategy. A strong understanding of various security, regulatory and audit frameworks. Must understand the issues in working in a highly regulated industry and blending those into a startup company’s culture.
Certifications: Should have both industry and technical certifications; but at a minimum either a CISSP or GSEC is suggested. The position requires strong knowledge in the following areas in security issues as it relates to designing, implementing, supporting, and troubleshooting;
Microsoft or Linux Operating Systems/Networking
Encryption technologies and implementations
Network Devices, Protocols, or Sniffers
Security Tools and Processes (Pen Testing tools, Forensic Tools, Risk Assessment, etc.)
Strong understating of Social Engineering attacks
Blended attacks and Advanced Persistent Threats (APT)
Understanding of normal and abnormal ingress and egress network traffic
Various ways malicious actors can hide malware, C2 traffic, and egress data
Preferred skills and background in the following areas:
Strong ability to do network and end point forensics including live RAM and disk systems
Understanding of Public Key Infrastructure
Scripting or Programming (example: Power Shell, Bash, BAT, VB Script, C#, ASP.Net, etc.)
DoDD 8140 (DoDD 8570)
SEC501: Advanced Security Essentials - Enterprise Defender (GCED)
SEC503: Intrusion Detection In-Depth (GCIA)
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling (GCIH)
SEC560: Network Penetration Testing and Ethical Hacking (GPEN)