IT Security Analyst III

Current Frost employees must apply using the Careers application in Workday (not through this site)

Job Description

As an IT Security Analyst III with Frost, you will be responsible for keeping Frost data and IT systems secure by analyzing and responding to IT security alerts, coordinating application and enterprise vulnerability and penetration testing, and performing and monitoring security processes across the organization. Responsibilities will include investigating and responding to significant cyber security alerts on a rotational 24/7 coverage schedule; serving as the incident escalation point for other IT Security Analysts and lead incident response efforts; analyzing security alerts and process outputs including specified logging, intrusion detection, and malware detection reports; performing forensic investigation and assisting in eDiscovery, performing intelligence-based threat hunts, performing and documenting security processes including compliance monitoring, vulnerability detection, alert investigation, and threat intelligence analysis; coordinating and performing application and enterprise vulnerability and penetration testing, analyzing the results, and initiating remediation processes; designing, configuring, testing, implementing, maintaining, and documenting detection, prevention, and response processes; maintaining a current and high level of knowledge of cyber security threats and vulnerabilities, industry and regulatory standards, and market innovations; and evaluating new security technologies to identify potential business value. The candidate will provide technical expertise and leadership to the IT Security team, represent the IT Security department on interdepartmental projects and collaborative efforts, and train, guide, and mentor other IT Security Analysts.

Required:

• Bachelor's degree in IT Security, in a related field, or equivalent experience
• 5+ years of experience in IT Operations or Information Security
• Technical expertise in two or more of the following: IDS/IPS, web proxy, SEIM, forensics, automation technologies, vulnerability scanning, configuration monitoring, and/or endpoint detection response
• CISSP or the ability to attain within 6 months
• Excellent written and verbal communication skills
• Proficient in Microsoft computer applications

Preferred:

• A+ certification, Security+ certification, or GSEC certification