CyberSecurity Analyst

Boston, MA, United States

As the Federal Cloud CyberSecurity Analyst, you will work closely with other members of the CyberSecurity program, monitoring and validating/nullifying identified risks in the environment.

You will work closely with internal and external managed security service providers on all manner of operational security and support their activities where needed.

You will assist in the wider operational activities including but not limited to validating and addressing identified security risks, Data Security, SOC1/SOC2 Audits, Client Audits, security certifications and penetration and vulnerability testing and support management teams during security incident events and be confident and capable of explaining the risk and remediation positions for threats as part of the global security incident management process.

The role will require you to have a technical background. Understanding of security technologies, security controls and security best practice would be ideal but a willingness and desire to expand these security skills and knowledge within the technical security team is mandatory.

The ideal candidate will need to be proficient in security capabilities and wider general security best practice. Where up skilling is required, this will be provided through both peer knowledge share and explicit training.

Duties and Responsibilities

Work with the CyberSecurity Operations Management and colleagues on a day-to-day basis to ensure the highest levels of security and control are maintained throughout Alight's Federal environment.

Ensure all Security Incidents and Security Events are managed through the Security Incident Management process and provide direct communications for all critical items requiring the attention of senior management through the Head of CyberSecurity Operations.

Ensure regular / recurring tasks and activities are managed efficiently and within defined time constraints.

Work with technical and business units across the organization to develop and implement security standards, policies, and practices to make continual improvements and increase the effectiveness of the security program.

Work with technical and business units across the organization as a security reference point, offering advice, support, and guidance on a wide range of security orientated issues.

Assist in documenting and updating as appropriate, security and risk policies, standards, and processes. Ensuring these, and the risk register are up to date and regularly reviewed.

Backup the Vulnerability manager in configuring and executing vulnerability assessment activities to ensure that all vulnerabilities are discovered, prioritized and assigned to appropriate remediation teams. Provide guidance to teams about the vulnerability management program.

Maintain a positive, professional environment in full compliance with applicable laws, regulations, policies, and procedures; ensure that staff members understand and comply with applicable laws, regulations, policies, and procedures.

Write and publish risk reports and scorecards to provide situational awareness and communicate risks to management.

Security Operations Management: Manage day-to-day interactions and escalations with our 3rd party 24/7 SOC provider.

External Threat Oversight and Mitigation: Coordinate response to vulnerability assessments and remediation of the external surface. Work with the network team to guide them in order to ensure we leverage the threat detection and prevention capabilities of edge devices like firewalls.

Threat Intelligence Management: Partner with various stakeholders to understand emerging threats and help coordinate response. Share critical information with management and relevant departments to ensure the company can stay proactive in its response to new threats.

Incident Response Leadership: Provider leadership and support during security events.

Work with the manager to establish measurable benchmarks to monitor progress and identify areas requiring additional focus.

Vulnerability Management: Help prioritize and coordinate response to newly emerging vulnerabilities on the external edge.

Additional duties as assigned by management. Drive the administrative execution of action items and top priorities agreed upon by the BISO and leadership team

Operate at a tactical, strategic, and operational level, handling the oversight of projects that fall between divisions or leadership areas of responsibility when appropriate.

Advanced presentation, proposal, and report writing skills.

Position Requirements Graduate or higher degree holder in relevant information security or a related technical discipline; or the equivalent combination of education; professional training or work experience.

Prior experience running Security Operations Team or serving as a lead within a group

4 years of security experience based on AWS cloud platform .

3+ years of technical operations experience, providing system/platform support for one or more of the following:

Network Operations or engineering

System administration of Linux or Windows

SOC/CIRT team lead

AWS Security Center

Advanced English oral and written communication skills.

Strong program management skills.

Confident but reassuring customer-facing style and excellent organizational skills.

Good team player skills coupled with good analytical skills.

Technical awareness of (and ideally experience in) Tenable, Splunk, SIEM, XDR, IDS / IPS, DLP, DDoS, Data classifications, vulnerability management and penetration testing, with any forensics experience a plus.

Maintain a good technical understanding of today's security marketplace, the threat landscape and how vendors are responding to the changing face of data security.

Working knowledge of ServiceNow

Self-motivated learner with drive to investigate problems with minimal instruction and supervision.