Security analyst
Sample job description:
The successful candidate's responsibilities include administering and managing various aspects of the client application and network security infrastructure. The incumbent will support the information systems security officer in the development and implementation of, and adherence to, information security governance, risk assessment, and information security and response management, specifically in the following areas:
- Develop appropriate security-related policies, procedures, guidelines, standards, benchmarks/metrics, and/or processes for network infrastructure, servers, firewalls, intrusion detection/prevention (IDS/IPS) appliances and software as well as logging, backing up and archiving of critical security devices/applications
- Develop and implement an incident reporting system as it relates to the network security infrastructure
- Develop network security specific awareness training for technology staff to ensure compliance with regulation and company policy
- Advise and assist the information system security officer in setting corporate information security policies. Develop and incorporate various aspects of ISO 17799 within the IT and corporate infrastructure
- Provide subject matter expertise within the following realms of security: access control systems and methodology; cryptography; operations security; security architecture and models; and network, application and Internet security
- Perform monitoring and management of network security components, servers, firewalls, intrusion detection/prevention (IDS/IPS) appliances and software
- Perform daily log review, maintenance, and archiving for network security components. Conduct investigations of network penetration attempts to reduce the likelihood of potential successful penetration of the client network. This includes events from the firewalls, IDS/IPS, MARS, Vontu, and other devices
- Review and approve proposed changes in information security systems including Websense, firewalls, encryption systems, IDS/IPS, e-mail filtering rules, Web application security, Vontu, and other security platforms as well as IT risk assessments
- Work with other business units to identify and remediate security and information vulnerabilities
- Perform internal and external security assessments/testing to validate the effectiveness of security measures
- Identify and make recommendations for improvements and enhancements to network and system security. Provide oversight and project management for new information system security initiatives
- Serve as primary liaison with third-party vendors and external auditors concerning network security assessments
Courses
Core courses
Introduction to Information Systems and Society (0010)
Object-Oriented Programming 1 for Information Science (0017)
Database Management Systems (1022)
Introduction to Telecom and Networks (1070)
Information Systems and Analysis (1024)
Human Factors in System Design (1044)
PLUS
INFSCI 1071
Applications of Networks
Second course in telecommunications and networks. Network architecture, protocols, performance, design, and analysis based on application needs, organizational requirements, user requirements, and performance objectives.
PLUS
INFSCI 1074
Computer Security
Overview of information security. Principles of security including confidentiality, integrity, and availability. Operating systems and database security concepts. Basic cryptography and network security concepts. Secure software design and application security. Evaluation standards and security management. Social, legal, and ethical issues. Human factors in security.
PLUS
INFSCI 1075
Network Security
Network security and cryptographic protocols. Network vulnerabilities, attacks on TCP/IP, network monitoring, and security at the link, network, and transport layers. Cryptography, e.g., secret and public key schemes, message authentication codes, and key management. WLAN security, IPSec, SSL, and VPNs. E-mail security (PGP, S/MIME), Kerberos, X.509 certificates, AAA and Mobile IP, SNMP security, firewalls, filters, and gateways. Policies and implementation of firewall policies, stateful firewalls, and firewall appliances. Network-related physical security, risk management, disaster recovery/contingency planning issues, and housekeeping procedures.
The Capstone Course