Jr. Information Security Analyst

West Nyack, NY, United States

Overview

The Salvation Army, an international movement, is an evangelical part of the universal Christian Church. Its message is based on the Bible. Its ministry is motivated by the love of God. Its mission is to preach the gospel of Jesus Christ and to meet human needs in His name without discrimination.

We are the largest non-governmental provider of social services in America and every year, we help over 30 million Americans overcome poverty, homelessness, addiction, economic hardships, loneliness, and exploitation through a wide range of programs and services.

The Information Security Analyst plays a crucial role within the IT and Security Department, serving as the first line of defense against security threats. This position is instrumental in supporting the Incident Manager and Security Engineers. The analyst's responsibilities include conducting application access audits/monitoring for all software, particularly those utilizing role-based authentication across IT and various business units, to ensure compliance and safeguard organizational assets.

Responsibilities

The core responsibilities of this position are as follows:

• Security Alerts Review and Analysis- Conduct detailed first-level analysis of security alerts generated by SIEM tools, endpoint protection, and other security systems to identify potential threats. - Prioritize alerts based on severity, impact, and urgency to ensure that critical issues are escalated and addressed promptly.- Use threat intelligence platforms and databases to correlate alerts with known security threats, vulnerabilities, and incidents.

• Incident Escalation and Support - Work closely with the Incident Manager and Security Engineers to provide actionable intelligence and support for escalated security incidents.- Assist the Incident Manager in ensuring they have enough information from the initial findings to document incident details, analysis findings, and steps taken for resolution to contribute to post incident reviews, knowledge sharing, and continuous improvement in Cyber Security efforts. - Assist in developing and refining incident response protocols and procedures to improve response times and outcomes.

• Application Access Audits and Monitoring - Regularly perform audits of application access controls and permissions, especially for applications utilizing role-based authentication (e.g., Financial, HR, Personnel systems) to ensure compliance with organizational policies and standards.- Identify and report unauthorized access attempts or policy violations, suggesting improvements to access controls and policies.- Collaborate with IT administrators and business unit managers to ensure appropriate application access levels are maintained according to job roles and responsibilities.

• Security Awareness and Training- Ensure that security awareness training materials focus on application access best practices, password management, and recognizing phishing attempts and other social engineering tactics. - Assess the effectiveness of the training across the territory and organize training sessions for employees across various departments (e.g., ARCC, Finance, CRD, HR) relevant to the sensitive data they handled. Ensuring they understand their roles in maintaining cybersecurity.- Stay informed about new security awareness training methods and technologies to enhance the effectiveness of training programs.

• Compliance and Best Practices Implementation- Ensure all cybersecurity practices and protocols adhere to relevant regulatory and compliance standards (e.g., NYSHIELD, GDPR, HIPAA, PCI-DSS).- Assist in reviewing and updating security policies and procedures to align with best practices and compliance requirements.- Assist the Information Security Director by participating in internal and external audits, providing necessary documentation and evidence of compliance where warranted.

• Threat Intelligence and Research- Actively follow cybersecurity news, trends, and threat intelligence reports to stay ahead of the organization's potential security threats. - Contribute to internal threat intelligence by analyzing and summarizing current threats, vulnerabilities, and attack methodologies.- Engage with cybersecurity communities and forums to exchange knowledge and stay informed about emerging cybersecurity technologies and practices.

• Tools and Technologies Management- Assist in evaluating, selecting, and deploying cybersecurity tools and technologies that enhance the organization's security posture. - Where relevant to the role, ensure proper configuration, maintenance, and update of security tools to optimize their effectiveness and efficiency.

Qualifications

- High school diploma or general education degree (GED) and one year of related experience.

- Cybersecurity training - Security+, or equivalent is preferred.

• Proficient in using SIEM, endpoint security solutions, and network monitoring tools.• Awareness of regulatory compliance standards relevant to cybersecurity (e.g., NYSHIELD, GDPR, HIPAA, PCI-DSS).• Excellent analytical and problem-solving skills.• Stays informed of trends in the industry through news and events (e.g., threat intelligence and reports, blogs and podcasts).• Demonstratable passion for the field of cybersecurity through consistent learning and engagement (e.g., TryHackMe, HackTheBox, Vulnhub, Cybrary, PortSwigger).• Strong communication and collaboration abilities.

What We Offer

Generous Medical, Dental, Vision Benefits

TSA paid Life Insurance for Employees

Additional life insurance options for employees

On-site cafeteria

Paid Time Off – Vacation, Sick, Personal day

403(b) retirement savings plan

Non-contributory Pension Plan

Professional Development

Education Assistance

Free, on-site Fitness Center

Federal holidays

Opportunities to give back and support our communities

All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, disability or protected veteran status.