Senior IT Security Analyst

The Woodlands, Texas
03 Oct 2016
19 Nov 2016
Oil and Gas
Contract Type
Full Time
Job Description:

The Sr. IT Security Analyst participates in the identification, tracking, and monitoring of information security threats and service operations. Analyst utilizes established processes and tools to focus on threat identification, analysis, and remediation. Analyst supports the processes for technical risk management to protect information assets.

Key Responsibilities/Accountabilities:
  • Assists in the design, development and implementation of security tools
  • Assists in the development and implementation of security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines).
  • Administration and daily operation of SIEM technologies, including rule creation, reporting, correlation and performance monitoring.
  • Provide role appropriate communication regarding threat events to Security Operations Center (SOC) as well as management in order to maintain effective communication regarding environmental concerns.
  • Works with the Security Operations Center (SOC) analysts to perform Level 3 and 4 security events and incident response analysis.
  • Assists with security-related software and firmware (e.g., endpoint, vulnerability scanners, firewalls, IPS/IDS, DNS, proxy etc.) to maintain security and service continuity.
  • Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, updates and maintains and documents security controls.
  • Assists with investigations of security events (e.g., unauthorized access, non-compliance with company policies, fraud, service exploitation, etc.) to determine malfunctions, breaches, and remediation steps.
  • Responds to service issues, problems, and critical situations to support resolution and minimize downtime.
  • Prepares status reports on security matters to develop security risk analysis scenarios and response procedures.
  • Involved in the evaluation of products and/or procedures to enhance productivity and effectiveness.
Desired/Preferred Qualifications:
  • BS degree in the field of computer science, information systems and/or cyber security training.
  • Seven or more years of information security related experience, in areas such as: security operations, incident analysis, incident handling, vulnerability management, system patching, log analysis, intrusion detection, or firewall administration.
  • Demonstrates fundamental understanding of SIEM technologies, including administration and analyst operation of SIEM within SOC functionality.
  • Demonstrates fundamental understanding of system and network security principles and technology:
  • Demonstrates fundamental understanding of Networking - TCP/IP and other protocols. Common network device functions, such as routers, switches, hubs, etc.
  • Demonstrates fundamental understanding of common security device functions, such as IDS/IPS, Network and Host-based firewalls, DLP (Data Leakage Protection), encryption, endpoint
  • Able to work collaboratively during an incident from possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, worms, Trojans, viruses, etc.
  • Demonstrates understanding of Log file analysis and correlation
  • Demonstrates understanding of relevant terminology, such as: threat, vulnerability, risk, asset, exposure, safeguards, etc.
  • Demonstrates fundamental understanding of risk, IT and security controls, compliance, authentication, authorization, and accountability.
  • Willingness and aptitude to develop in-depth knowledge of network and endpoint security technologies and products (such as firewalls, Network IDS, scanners) and continuously improve these skills.
  • Able to articulate technical processes, both oral and written, to different audiences and varying levels of complexity.
  • Demonstrates time management skills and the ability to prioritize work in a highly dynamic environment.
  • This role is considered a position of Company trust; must have no criminal background or integrity work history issues.
  • Security certification CISSP, SANS, etc. is preferred.
  • Able to travel internationally.
Additional Details:
  • Reports to IT Security Manager.
  • Works directly with the IT Security, Risk and Compliance Team.
  • Works directly with all areas in IT; has close working relationship with IT peer group.
  • Has regular and direct contact with the user community.
  • May have contact with outside vendors, contractors/consultants, and industry trade groups.
  • Attends conferences and belongs to professional organizations and user groups.
Company Overview:

CB&I (NYSE: CBI) is a leading provider of technology and infrastructure for the energy industry. With over 125 years of experience and the expertise of more than 40,000 employees, CB&I provides reliable solutions to our customers around the world while maintaining a relentless focus on safety and an uncompromising standard of quality.