Job Summary: The position requires a hybrid presence (on-site and remote). The Jr Information Security Analyst will be performing both engineering and operational information security work. The individual will need to be a self-starter, not require micromanagement, follow directives, manage initiatives, documentation, reporting, pay attention to detail, support audits, provide general information security subject matter expertise, support remediation, participate in project planning, possess a strong skill set in the information security space.

Note: All new hires will travel to GSI’s headquarters in Palm Harbor, Florida for a week of new hire orientation.

Key Responsibilities:

• Implementation and management of both offensive and defensive security technologies in conjunction with commercial and federal information security compliance initiatives
• Configuration, optimization, and utilization of information security tools like: EDR/XDR, IPS, NIDS, Vulnerability Scanning, Web Application Scanning
• Support incident response efforts
• Perform network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use or identification of insecure network protocols
• Perform general inspection and implement preventative measures on intrusion detection systems
• Perform information security assessment and penetration testing of both infrastructure and Web Applications
• Assist in managing third-party security services, application vendors, evaluate new vendors and services
• Work with internal and external stakeholders to provide Subject Matter Expertise as needed

Work Experience / Knowledge:

• Working knowledge of agile and waterfall software development lifecycle methodologies
• Well-versed with the NIST Incident Response Life Cycle, NIST CSF Framework
• Familiarity with the MITRE ATT&CK and D3FEND frameworks
• Experience in Information Security
• Knowledge of Information Security Frameworks, e.g., ISO 17799/27001, FISMA/FedRAMP/StateRAMP, HiTRUST, NIST, and other Industry Related Security Frameworks
• Experience reviewing or auditing IT general controls, network infrastructure, information security, SDLC, web server, database server, operating systems, and/or software applications to ensure compliance is maintained
• Experience with Enterprise-level Risk Assessment and Business Impact Analysis
• Experience with disaster recovery and business continuity planning and execution
• Experience managing Information Security Assessments
• Experience in Security Appliance Administration and/or Engineering
• Experience in Vulnerability Management
• Experience in Incident Response
• Hands on experience with Windows Server and Linux
• Experience in TCP/IP Networking
• Digital Forensics skills (memory analysis, disk image analysis, carving)
• Incident Response skills (triage, steps, process, objectives, persistence, tenacity, curiosity)
• Understanding of malware, dynamic malware analysis

Qualifications / Certifications:

• A Bachelor Degree or equivalent work experience
• One or more of the following certifications:
• CISSP
• CEH
• PMP
• Security

Special Requirements:

• May require telephone and online support to the Security Operations Center as needed
• May require nights and weekends time to handle incidents and support the organization as needed
• May also be assigned various projects and tasks as needed

Equal Opportunity Employer. M/F/D/V