- Featured in:
-
More Information Security Analyst Resumes
Use these Information Security Analyst samples as a guideline or visit our extensive library of customizable free resume templates.
Select
Customize
Download
Looking for cover letter ideas? See our sample Information Security Analyst Cover Letter.
Find out what is the best resume for you in our Ultimate Resume Format Guide.
Additional Data Systems Administration Resume Samples
Information Security Analyst Resume Samples
No results found
0-5 years of experience
Support National Internal and External Accounts. The purpose of this objective was to ensure all accounts had the necessary access to various applications. Knowledge of each platform, each application and the appropriate corporate policies and procedures was tantamount to performing to the highest level.
- Performed a review of existing procedures and updated when appropriate
- Completed requests for access to any and all applications using the procedures
- Trouble shot access problems for applications
- Trained new analysts to ensure proper completion of access requests and problem resolution.
0-5 years of experience
Support National Internal and External Accounts. The purpose of this objective was to ensure all accounts had the necessary access to various applications. Knowledge of each platform, each application and the appropriate corporate policies and procedures was tantamount to performing to the highest level.
- Performed a review of existing procedures and updated when appropriate
- Completed requests for access to any and all applications using the procedures
- Trouble shot access problems for applications
- Trained new analysts to ensure proper completion of access requests and problem resolution.
10+ years of experience
- Developed custom PAM authentication module for single sign-on users from Solaris to Microsoft
- Wrote security portions of the IPP (Internet Printing Protocol) standard of the IETF. (RFC 2910)
- Conducted security audit of Xerox web applications, identified several vulnerabilities and recommended corrective actions
- System administrator for Advanced Technology Group document repository service. Over 5000 users and 80,000 documents.
- Trained business division employees on the need for security essentials
0-5 years of experience
Led workstation security project to evaluate and recommend improvements to better protect the environment, network, and data on workstations.
- Provided internal security consulting for product development and operations of services across organization. Worked with internal groups on their projects to help them achieve their goals while
- Investigated, documented, and gathered information on data security recommendations to protect
- Led intrusion detection, vulnerability management, and PKI and participated in auditing, incident
- Provided 24/7/365 systems support as necessary for the diverse needs of the organization.
0-5 years of experience
Functional department lead and point person for the IT Security Department
- Increased the number of security reviews performed utilizing the same resources
- Assisted with planning and execution of domain integration, user account, and e-mail migration during M&A
- Developed, designed, and implemented automated transaction processing, increasing production realized at 500%
- Reviewed user accounts and access on a monthly basis to ensure regulatory and corporate compliance
- Contributed to and participated in business continuity planning and verification
- Adhered to and enforced corporate policies regarding network security, data, and software usage
- Process re-engineered business protocols to meet the high demand of a changing business environment
- Created, modified, and disabled user accounts base on authorized forms
- Reduced security deficiencies by 98% over the previous calendar year
0-5 years of experience
Responded to computer security incidents (CSIRT)
- Served as the team’s primary curator of documentation for security engineering and incident response procedures.
- Planned and implemented meaningful risk-based and performance-based metrics tools in R for the Information Security Team.
- Wrote tools to create and automate security reports such as stale accounts and administrative group changes enterprise-wide.
- Planned, implemented, and administrated our Guardium database activity monitoring system enterprise-wide.
- Developed security testing framework and performed a full suite of security tests on Android handsets to provide security
0-5 years of experience
Responsible to prepare review methods, analytical techniques and compliance routines.
- Determine the internal control measures and ensure its strict implementation.
- Developed annual compliance training strategy and materials for the business units.
- Facilitated changes in the overall organizational policies to ensure alignment with the industry standards.
- Keep the business units updated with the changes in the applicable policies, standards and procedures.
- Delivered hands-on training workshops and partnered with business partners to improve training plan for enterprise policies in order to achieve overall compliance.
- Remained abreast of industry standards and best practices; updates policies and procedures accordingly.
0-5 years of experience
Designed and piloted knowledge management system to improve the efficiency of IT professionals.
- Managed a workgroup of IT managers to develop and adopt knowledge management principles.
- Managed program to achieve 100% compliance in information security awareness training certification.
- Developed and deployed web based emergency operating center (EOC) system for disaster recovery.
- Analyzed information systems to meet Department of Defense (DoD) security requirements.
- Leadership Development Program (LDP) – Risk management training, Six Sigma Certification, and executive training with rotations at various sectors and division of the company.
0-5 years of experience
Promoted bank-wide information security education campaigns designed to engage an employee population of 30K+.
- Authored instructional and marketing materials, intranet articles, contests, and presentation decks.
- Tracked and reported compliance for annual information security refresher training.
- Created infrastructure to support the regular delivery of executive dashboards.
- Published timely reporting on key business initiatives for the Governance team.
- Compiled, verified, and prepared performance metrics for management reports.
- Formalized on-boarding package for new team employees, including training plans and reference materials.
- Provided back-up coverage for facilitation of two critical governance committees.
- Coordinated all special projects and supporting activities (e.g., annual security review of key financial applications; audit of document destruction standards).
0-5 years of experience
Vulnerability Assessment Team Lead for a major federal Data Center.
- Developed security documentation to include policies and procedures for the Vulnerability Assessment Team.
- Used various vulnerability tools to assess operating system, web, and database vulnerabilities.
- Developed and maintained a program of regularly scheduled network vulnerability assessments and reports.
- Assisted in the certification and accreditation of information systems and networks specifically with the Security Testing and Evaluation (ST&E) portion.
- Performed market surveys of security related products and evaluated their suitability for integration into the security architecture.
- Developed standard security-related device configurations for the intrusion detection system.
0-5 years of experience
- Managed competitive product evaluation and procurement process worth $0.8M
- Assessed critical business apps for security risks and compliance (SOX, PCI, HIPAA)
- Created enterprise security event monitoring center, set vision and trained staff
- Overhauled computer security incident response team (CSIRT)
- Provided security risk consulting, guidance, analysis, and requirements
0-5 years of experience
Lead monitoring role for southwest region of the firm
- Compiled and reviewed event/state monitoring reports from various security reporting products to identify and record all security related issues, informing the appropriate department of violations.
- Generated reports on eighteen thousand plus NetWare/NT user account identifying out of compliance issues and facilitating the correction of any issues with the responsible departments.
- Formulated recommendations for implementing desired level of access controls across multiple platforms, which ensured successful implementation of action plans.
- Evaluated security on various systems and recommend changes to improve network integrity and prevent excessive access and potential risk.
- Conducted information owner identification, user re-certification, and group clean-up projects which insured compliance with corporate and audit policies.
- Provided second and third tier customer support while maintaining acceptable service level agreement times minimizing downtime and ensuring end user satisfaction.
0-5 years of experience
- Created and implemented security policies, procedures, to integrate diverse environments.
- Performed audits; determined compliance with standards such as CobIT, PCI, GLBA, HIPAA, etc.
- Conducted site reviews, performed gap assessments, identified/monitored corrective measures.
- Managed security projects, updated all stakeholders of status/deliverables/work plans/metrics.
- Identified areas for improvement in Security; recommended solutions to achieve clients’ goals.
0-5 years of experience
Knowledge of managing information assurance evaluation tests
- Prepared and distributed security assessment reports to business.
- Oversaw and conducted vulnerability assessments using Nexpose.
- Work on executing internal and external penetration testing, and providing support team critical vulnerabilities and follow-up on remediation
- Developed and documented security evaluation test plan and procedures.
- Worked with IT teams to help deploy remediation items based on results from Pentest.
10+ years of experience
Responsible for the establishment and administration of user accounts company wide. Review user access information to ensure system security. Evaluate access requests, security changes and special projects for accuracy. Assign, manage and track requests, changes and projects for completion. Maintain system databases to reduce redundancy. Work with auditors to verify compliance. Maintain multiple mailbox systems to address all issues and requests in a timely manner. Train department members for cross functionality. Evaluate current processes; suggest and implement changes for greater security. Process immediate changes and terminations in a confidential and professional manner.
- Moved systems to electronic format to save several thousand dollars in costs.
- Managed the consolidation of operations and training of employees during the merger of locations.
- Recognized for employee excellence through multiple programs such as: Wall of Fame, Applause Award, Multiply Key Results Award, ROCK Award, and 3 Spotlight Awards.
- Created a tracking program to allow the transition from paper requisitions to electronic format.
0-5 years of experience
Identified areas of risk and developed strategies to mitigate and reduce risks; created processes to regularly review and evaluate organizational preparedness.
- Led technical security tool design, team coordination and security incident response.
- Assisted in the maintenance and administration of compliance systems such as Archer, Relational Security Asset Management, and Remedy.
- Conducted team project management efforts including facilitating work group meetings, tracking key deliverables, and providing formal status updates to management.
- Developed procedural and technical documentation for internal processes, technical systems, and technical support.
0-5 years of experience
Develop policies and procedures for Payment Card Industry (PCI) requirements for [company name]
- Managed and maintained network and server infrastructure to secure all Credit Card payments for [company name]
- Implemented two factor authentication for PCI network on critical application/campus servers
- Assistant administrator for Splunk Log Management and Event system
- Deployed open source File Integrity and Event monitoring system OSSEC
0-5 years of experience
Monitored and analyzed network traffic and security appliances to detect intrusions, identify
infection vectors, and determine appropriate response
- Responsible for ensuring daily functionality of security tools and for proper implementation of escalation procedures
- Proposed configuration changes for a production Splunk instance to improve search efficiency and enhance utility for analysts
- Developed field extractions, macros and dashboards in Splunk in an effort to streamline incident
- Configured virtual lab for static and dynamic malware analysis, and analyzed malware samples to extract indicators of compromise
- Collaborated with team to create policies & procedures for a Security Operations Center
- Built and administered a SharePoint server for the SOC to use as a custom ticketing system, shift log and documentation repository
- Performed a gap analysis of FireEye and Trend Micro Deep Discovery Inspector to determine
- Developed bash scripts to automate common tasks and provide SOC analysts with previously
0-5 years of experience
Led Implementation of corporate IAM, (Identity and Access Management) project for password management and account provisioning.
- Managed the integration of several of Tiffany and Company’s mission critical applications into the IAM security administration model, which mitigated risk and addressed several audit issues for the business.
- Resources used include: Courion Identity Management suite, Active Directory, Microsoft SQL 2005, ODBC, and PentaSafe Security suite for Windows OS and System i/AS/400.
- Threat and Vulnerability Management using Qaulys scanner. Used Policies and workflows to identify and rank vulnerabilities in order to evaluate risk. Reported findings to asset owners and management in order to remediate vulnerabilities and remove risk or to acquire formal risk acceptance
- Admin for Antispyware, Antivirus, Web content filtering and Iron Port e-Mail filters.
- Responsible for SOX reporting for the departments applications to the Auditors.
- Responsible for overseeing ethical hacking of company network.
- Involved in Vendor relations and negotiations for procurement of new hardware and software solutions to be implemented in the network.
0-5 years of experience
Performed audits by assessing web application threat, vulnerabilities and defense programming
- Performed risk assessments to ensure corporate compliance
- Developed agenda for quarterly audit program
- Conducted security event monitoring for corporate wide in-scope applications
- Performed application security and penetration testing using Rational Appscan
- Managed the quarterly employment verification process
10+ years of experience
Responsible for the establishment and administration of user accounts company wide. Review user access information to ensure system security. Evaluate access requests, security changes and special projects for accuracy. Assign, manage and track requests, changes and projects for completion. Maintain system databases to reduce redundancy. Work with auditors to verify compliance. Maintain multiple mailbox systems to address all issues and requests in a timely manner. Train department members for cross functionality. Evaluate current processes; suggest and implement changes for greater security. Process immediate changes and terminations in a confidential and professional manner.
- Moved systems to electronic format to save several thousand dollars in costs.
- Managed the consolidation of operations and training of employees during the merger of locations.
- Recognized for employee excellence through multiple programs such as: Wall of Fame, Applause Award, Multiply Key Results Award, ROCK Award, and 3 Spotlight Awards.
- Created a tracking program to allow the transition from paper requisitions to electronic format.
0-5 years of experience
Facilitated several compliance processes to ensure that overall account access policies were enforced.
- Lead in the User Access Review Tool Enhancement project which consists of converting the user access review process from manual to an automated process.
- Initial implementation consisted of 586 applications and platforms over a two year period. Manage ongoing implementation as scope expands and applications and platforms upgrade, there are currently approximately 900 applications and platforms managed through the tool.
- Worked with product vendor and internal application support to identify and resolve product defects.
- Performed user acceptance and regression testing on application/platform implementations, new functionality, defect resolution and product upgrades and enhancements.
- Continually strengthened existing controls and develop/implement new controls to address audit deficiencies or weaknesses.
- Implemented Segregation of Duties violation process.
- Developed and maintained process statistics and reporting.
- Designed, administrated, and managed customer and team SharePoint sites.
- Created and maintained Standard Operating Procedures, Work Instructions, and other process related documentation.
- Served as a training liaison for initial and on-going educational purposes.
0-5 years of experience
Performed a variety of analytical and support activities for the information security function including maintaining information security policies and managing content updates, coordinating and preparing information security dashboard and metrics, monitoring and reviewing daily logs and Help Desk tickets, assisting on internal and external audits, annual IT risk assessments, incident responses, security awareness training and related activities.
- Participated in IT security functions, evaluating and monitoring information security standards, protocols, and controls are in place and operating effectively in accordance with regulatory requirements and guidelines.
- Assisted in the support and preparation of IT systems and applications risk assessments.
- Reviewed, updated, and maintained all IT and Information Security policies to comply with financial institution regulatory requirements. Tracked and monitored that employees sign policies indicating that they read and agree to abide by policy provisions. Followed up with employees as needed, and respond to questions and concerns related to the policy. Elevated issues as needed to management.
- Documented incident response findings for reported customer and internal information security breaches.
- Supported information security projects that address regulatory compliance gaps.
- Analyzed FFIEC Information security monitoring functions such as daily log reviews, help desk tickets, participation in the semi-annual access re-certifications, physical security walkthroughs and DB audits. Prepared reports as needed.
- Assisted with Third party information security risk assessments.
- Assisted with the employee security awareness program, and new hire orientation.
0-5 years of experience
Collaborated with Information Systems Business Owners to mitigate risks and vulnerabilities in order to provide the appropriate confidentiality, availability, and integrity of information systems. Defined, developed, and tracked the implementation of information security polices and initiatives. Research and present security initiative strategies to peers and management with the goals of encouraging feedback, and buy-in.
- Responsible for the management, creation, and implementation of information security policies based on Payment Card Industry (PCI) and International Organization for Standardization (ISO) 27001/27002 standards.
- Conducted interviews and performed research on information system technologies and applications to gain an understanding of the area being audited / reviewed. Executed audit programs, documented processes, interviewed, produced work papers and assisted with reports development.
- Performed Risk Assessments, Vendor Assessments, and documentation of recommendations.
- Provided presentations and proposals to management and peers on security direction and recommendations.
- Complete ongoing analysis of security vulnerabilities and recommend/implement remediation plans, escalating where needed.
- Represent the company on various Information Security committees and work groups.
- Implement threat management solutions, automation strategies and lead information security projects.
- Participate in the intrusion detection, change management, virus response, vulnerability assessment & incident response activities.
- Evaluate automation technologies relative to information security for use.
0-5 years of experience
Worked at a large computer service center, providing Information Security support for LM internal & 14 commercial customers on 12 IBM MVS mainframe systems, using RACF, Top Secret, VMsecure & ACF2 security software products.
- Support included creations, deletions & maintenance of user accounts and computer resources and the debugging of access problems.
- Was responsible for analyzing & monitoring of the security on the mainframe.
- Worked with Data Center personnel on upgrades & changes to system software.
- Assisted other team members with problem solving & training.
- Created & maintained desktop procedures for a variety of systems.
0-5 years of experience
Provided network communications support and expertise to Central Processing Encryption Center (CPEC) project. Participated in development of client/server Keymap application, development of KeyLoad customer interface utility, KMS enhancements, and all integration testing activities.
- Helped establish new system-wide processing center and developed policies and procedures.
- Supported external customers as they migrated to new Triple DES encryption boards.
- Designed and built problem tracking database for CPEC.
- Co-developed mechanism to produce an e-mail confirmation back to District, notifying requestor when CPEC has processed request.
- Developed in-depth business knowledge of customer requirements, recognizing customer needs and proactively proposing solutions.
- Researched and analyzed CPEC design and prepared documents for distribution to District customer coordinators and Information Security staff.
- Re-wrote complex technical concepts and procedures in clear and concise format for use by non-technical staff.
- Developed thorough and detailed communication configuration requirements and diagrams to help direct efforts of vendor’s programmers and consultants.
- Identified and proposed several enhancements to communication configuration proposed by vendor and greatly improved ability to provide customer support and identify and resolve problems.
0-5 years of experience
Provided level 3 and level 4 supports to window applications and Oracle databases to over 1000 users and 200 vendors.
- HIPAA, Testing and Auditing of Sarbanes-Oxley, and reviewing SSAE-16 reports.
- Knowledge of Information Security risk, regulatory, or compliance responsibilities
- Experience reviewing vendors documented security standard, policy, and procedures.
- Experience reviewing guideline and policies, such as, user authentication rules, security breach resolution procedures, security auditing procedures, use of firewalls and encryption routines, change management procedures, and business continuity and disaster recovery, DLP documented process.
- Understanding of intrusion Experience and knowledgeable with audit frameworks such as ISO 27002, COBIT, PCI-DSS, detection system, perimeter defense, network topology and VPN communications.
- Worked collaboratively with areas of IT security and management, to ensure that all IT technology solutions are appropriately implemented and supported, saving the company time and money.
- Experience with Information Security Metrics, dashboards reporting using SharePoint.
0-5 years of experience
[company name] is a global leader in providing information, analytical tools and marketing services to organizations and consumers to help manage the risk and reward of commercial and financial decisions. The position of Information Security Analyst is charged with balancing business, technology, and security objectives within the technology organization.
- Performed complex risk assessments related to Enterprise projects and initiatives
- Aligned business & technical requirements with information security requirements
- Acted as information security liaison between GSO, Business Units and GTS
- Assured compliance to company global policies, procedures and guidelines
- Developed and support an internal reseller compliance and security assessment program based on the PCI DSS v1.1
- Information Security project manager on numerous enterprise efforts
10+ years of experience
Manage Enterprise Risk Assessment activities – Develop enterprise level risk assessment strategy, develop system level risk assessment, manage risk assessment data, Deliver risk assessment results to executive management
- System Security Review – Developed and provide system security review service which assures compliance with policy and regulations
- Draft Information Security proposals – Research and draft proposals for information security related activities to be reviewed by executive committee
- Implemented a password security portal for all [company name] workforce members
- Designed access and authorization procedures to enhance security of the in-house IAM system
- Provide Information Security consults – Consult with [company name] workforce members on information security related topics and issues
- Developed and implemented [company name] Information Security policies and standards
- Manage Information Security training and Security Awareness – Develop and deliver new employee orientation materials, develop annual information security survey, develop and deliver information security training for major roles identified at [company name]
0-5 years of experience
Remediated control deficiencies identified by testing newly implemented or upgraded controls for appropriate design and operational efficiency.
- Ensured compliance with Security Policies, Procedures and Standards, recommend improvements and enhancements to these standards as needed.
- Developed and maintained risk control matrix (RCM) to ensure reduced risks, control efficiency and general compliance.
- Track outstanding control and audit issues, corrective actions plans, risk acceptances and data collection activities pertaining to legal/regulatory requirements.
- Prepared reports on audit findings and made recommendations for correcting unsatisfactory conditions, improving operations and reducing the compliance cost.
- Develop and create Policy based practical procedures for remediation of threats and possible/probable vulnerabilities for current and future exposure of internal resources.
- Worked closely with internal/external auditors in gathering and providing evidences of followed standard procedures for each process and following up on suggested corrective actions.
- Generated weekly metrics reports regarding outstanding issues for management review.
- Investigated issues relating to change record documentation, performing a trace history to identify its origin.
- Provided recommendations on business cases, action plans and deliverables to ensure compliance requirements were met.
0-5 years of experience
- Responsible for recommending preventive, mitigating and compensating controls to ensure an adequate level of protection as well as maintain the patches, incident documentation, virus attacks and security resolutions.
- Conducted technical risk evaluation of hardware and installed networks and was responsible for Virus and Patch updates.
- Assisted in incident response and recommended corrective actions. Performed forensic recovery and analysis.
- Documented different operational, functional and physical risks involved in the company and formed an incident response team in-order to mitigate those risks in a suitable time-frame.
- Monitored Bandwidth/remote access traffic on both wired and wireless networks and systems.
- Assisted with internal IT security administration and served as an IT advisor and interim system administrator.
- Worked with BC/DR team, and was responsible for the Awareness/Educational program.
0-5 years of experience
Conducted FISMA-based security risk assessments for various government contracting organizations and application systems – including interviews, tests and inspections; produced assessment reports and recommendations.
- Documented and reviewed System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), Authorization to operate letters (ATO).
- Assisted with review of policy, security alerts, guidance, regulations and technical advances in IT Security Management
- Utilized processes within the Security Assessment and Authorization environment such as system security categorization, review of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.
- Contributed to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management.
- Participate in design of information system contingency plans that maintain appropriate levels of protection and meet time requirements for minimizing operational impact to the organization.
0-5 years of experience
Experience and knowledgeable with audit frameworks such as ISO 27002, COBIT, PCI-DSS, HIPAA, Sarbanes-Oxley, and SSAE-16 reports.
- Knowledge of Information Security risk, regulatory, or compliance responsibilities
- Experience with Information Security Metrics, dashboards reporting using SharePoint.
- Experience reviewing vendors documented security standard, policy, and procedures.
- Experience reviewing guideline and policies, such as, user authentication rules, security breach resolution procedures, security auditing procedures, use of firewalls and encryption routines, backup
- Understanding of intrusion detection system, perimeter defense, network topology and VPN communications.
- Worked collaboratively with areas of IT security and management, to ensure that all IT technology solutions are appropriately implemented and supported.
0-5 years of experience
- Reviewed and analyzed the impacts of modifications and/or additions to the [company name] network.
- Classified data as it is defined by [company name] risk level policy.
- Performed impact analysis and risk assessment on security plans as submitted by [company name] business units.
- Managed projects in queue and as they progress through the information systems process from request through delivery of services.
- Supervised technology subject matter experts (SMEs) through each stage of the process to insure risk is mitigated and policy is followed.
- Developed new security plans as needed to complete documentation on each risk assumed by the [company name] Home Mortgage business unit. Ensure compliance with GLBA, SOX, and ISO 17779 as necessary within each project.
- Consistently monitor all changes to the Wells systems, software, and network to insure that policy was followed and changes were made according to regulatory and corporate standards.
- Processes included site reviews of new business partners, code reviews of new or modified software systems, and topology and architecture assessments of new network connectivity as well as current architecture.
0-5 years of experience
Execute PCI-DSS audits addressing security threats, security risk assessments, process improvement initiatives, regulatory requirements, compliance initiatives or other risk analysis requests from the Business Units.
- Lead testing of the assigned PCI-DSS requirements and support the continuous compliance requirements throughout the year.
- Subject Matter Expert and source of security compliance knowledge to provide advisory services to business units and assistance in understanding regulatory and compliance requirements pertaining to security risk.
- Ensure the protection of [company name] data by identifying areas of non-compliance or security threats within reviewed control environments.
- Participate in multiple projects and reviews concurrently ensuring quality deliverables, managed expectations and timely results.
6-10 years of experience
- Provided research, support and information security advice to system administrator, system and network engineering teams in designing security solutions for new and existing technology
- Identified and evaluated all reported security vulnerability alerts both real and potential. Ensured all corrective measures were implemented in a timely manner
- Supervised Information Assurance Office during absence of section chief; led resolution of critical security incident; attended staff meetings; enforced security policies and developed standard operating procedures.
- Performed vulnerability risk assessments and investigated potential security incidents and exposures of systems. Reported security findings and implemented solutions to minimize risk
- Provided guidance to Configuration Control Board to ensure hardware and software modifications of classified networks complied with security policies and standards.
0-5 years of experience
- Assisted and maintained the company’s security awareness program and associated materials as well as daily administration of applications and platforms.
- Conducted quarterly periodic user reviews and annual vendor contract reviews with key representatives from other business areas that supported key financial or other supported applications.
- Facilitated the banks Information Security incident reporting which consisted documenting and reviewing all information security related incidents reported.
- Performed administration duties of the RACF database which consisted of the creation and or deletion of users, groups and resources to support the company’s mainframe infrastructure.
- Participated in several department meetings to discuss the role out or annual security reviews for the various applications of the company.
- Responsible for the creation of several forms, procedures as well as other key documents to ensure the controls and procedures to protect various systems of the bank created in MS Visio, MS Word, MS PowerPoint and Adobe.
0-5 years of experience
Monitor and advise on information security events to ensure security controls are up to standards and operational as intended.
- Monitoring of PCI/SOX audit logs
- Coordinate conflict/resolution response and documentation tracking
- Provide design and deployment recommendation of Information security metrics
- SIEM alert analysis, application vulnerability assessment, risk analysis and compliance testing.
- Utilize PCI DSS, ISO 17799/27002, data confidentiality, network, desktop, server, applications, and database security principles, for risk identification and analysis.
6-10 years of experience
- Discovered and documented numerous security vulnerabilities using manual penetration methods
- Identified responsibility gaps beyond information security and took the initiative to support them
- Worked within a team to handle incidents that impacted sensitive areas of the business
- Recommended and introduced new security tools and processes into the environment
- Performed a compliance gap analysis and presented a list of recommendations
- Provided strong troubleshooting skills as needed for business continuity
- Monitored logging sources and servers for any intrusions or issues
- Recorded desktop activity when an internal threat was suspected
- Provided pre-deployment analysis
0-5 years of experience
Worked alongside access & procurement team members to provision access to systems through ticketing systems to prevent hacking and/or keeping [company name] information secure
- Provided technical support for routine Active Directory security-related issues.
- Participated in the review of existing systems security issues and procedures and provides support for testing, emergencies, installations, and conversions.
- Provides project support to new applications development and implementation.
- Tested software and applications for Team Members before launch dates
- Being able to work on multiple work tickets at once as they came in to complete on time to meet SLA.
0-5 years of experience
Managed communications and relations between the Application Security team and the rest of the company.
- Served as the Archer reporting platform Subject Matter Expert (SME).
- Operated as the Veracode platform owner and managed the vendor relationship.
- Administrated the company Application Security training and education program.
- Ran the Veracode (SaaS) static scanning program for development teams.
- Developed new reporting capabilities utilizing Archer and Excel to provide deep analysis of the threat landscape.
- Managed requirements gathering for all new enhancements of the Archer module.
- Maintained data sync processes between Archer and upstream/downstream systems.
6-10 years of experience
Security controls implementation and administration such as Malware Detection and prevention, Network access controls, application layer firewall, remote access with two-factor authentication and IDS
- Responding to and resolving alerts
- Generation and maintaining of administrative documentation such as admin manuals
- Identify, track and remediate vulnerabilities identified within all security tools
- Reviews and evaluates patch reconnaissance in the system
- Recommends software upgrades and performs upgrades in production
- Performs security tasks during BCP exercises and possible actual disasters
0-5 years of experience
Day to day activities for the customer included the Vulnerability Assessment of Information Systems within [company name].
- Tasked with the installation and configuration of Imperva’s Web application firewall which allowed us a closer in-depth look at various attacks signatures.
- Web Application Vulnerability Assessments using HP WebInspect and other open source tools. While assisting the customer on the remediation efforts to fix the issues that were identified.
- Evaluation of Information System Security Plans (SSPs), [company name]’s application assessment framework using Relational Security’s Relational Security Assessment Manager (RSAM) software
- Review and audit of firewall rules on a consistent basis to determine what effect the rules would have on the impact of the infrastructure.
- Continuous monitoring off all 25,000 client systems running nCirlce vulnerability assessment tool that was automated within the environment.
0-5 years of experience
Perform network and system vulnerability scans and work with technical teams to close security gaps.
- Responsible for risk management and security policies under the corporate Information Security Officer.
- Supports the Information Security department in project implementations.
- Assisted in the development, maintenance, and testing of a business continuity and disaster recovery plans.
- Participate and assist in both external and internal system audits.
- Provides support to the Computer Incident Response Team.
6-10 years of experience
Reviewed security policies annually; submitted change recommendations; updated as necessary.
- Created, reviewed and updated user access standards and procedures.
- Participated in business impact analysis, risk assessment, disaster recovery plan development and testing for all departments.
- Created and maintained end user accounts in multiple applications and systems, including Active
- Interacted with internal and external auditors as user access subject matter expert.
- Executed weekly backup of anti-spam firewall configuration; applied firmware updates; updated
- Trained and assisted associates in software utilization.
0-5 years of experience
Monitored network security by performing event and impact analysis, remediation, and incident
escalation.
- Initiated incident handling procedures to isolate and investigate potential information system
- Planned and organized testing against internal networks and information systems to uncover
- Regularly performed Penetration Testing, Wireless Testing, Vulnerability Assessments, Social
- Generated and presented reports on security vulnerabilities for customers and upper level
- Performed remediation of vulnerabilities found.
- Deployed IPS, IDS, HIDS, Firewalls and Endpoint Security to minimize attack surface.
- Advised customers on security and policy implementation.
- Experience with HIPAA, PCI and SSAE 16 audits.
Data Systems Administration Cover Letter Examples
Rate This Article
[Information Security Analyst]
Last edited by: Gabriela Barcenas, CPRW, Content Writer II -
Gabriela Barcenas
CPRW, Content Writer IIGabriela is a Certified Professional Resume Writer (CPRW) and career adviser. With 10 years of digital media experience and five years of resume writing expertise, her publication history includes fashion, education, travel, social justice, equitable design and career advice.
