Job Summary
The Senior Cyber Risk Analyst works closely with the General Manager of Information Security to identify, prevent, detect, and respond to cyber-attacks, ensuring the security and continuity of information systems against threats such as service interruptions, intellectual property theft, network viruses, and data breaches. This role involves installing, configuring, and managing security mechanisms, implementing policies for antivirus software, firewalls, and other protective systems, and responding to security incidents with thorough investigations and actionable recommendations to close potential gaps.
The analyst conducts risk assessments of applications, infrastructure, and vendors against a defined framework, addressing identified risks through tailored solutions and hands-on resolution when feasible. Additionally, the analyst triages security alerts, gathers data from network analysis tools, reviews threat intelligence, and diagnoses potential compromises or high-risk exposures. They also participate in vulnerability assessments and use emergency response procedures to safeguard the organization’s digital assets.
Essential Job Responsibilities
• Serve as a subject matter expert for threat and vulnerability management, contributing to service roadmaps, critical vulnerability identification, and response exercises.
• Act as an early informer of critical vulnerabilities and exposures to safeguard the company's information, while maintaining advanced knowledge of industry trends, security issues, and technologies, providing regular updates to management.
• Perform security, risk, and vulnerability assessments of networks, systems, and applications, collaborating with business and application owners throughout the system design lifecycle.
• Support IT operations by contributing to Backup Plans, Disaster Recovery Plans, Incident Management Plans, and day-to-day security monitoring, incident escalation, and compliance with enterprise policies.
• Analyze and evaluate security operations to identify risks, ensure compliance, and recommend improvements.
Additional Job Responsibilities
• Other duties as assigned. This job description in no way states or implies that these are the only duties to be performed by this employee. The employee will be required to follow any other instructions and to perform any other appropriate duties requested by their supervisor.
Minimum Qualifications
Education and Experience
• A Bachelor’s in Computer Science and a minimum of five (5) years of technical experience in one or more of the following areas: computer and network security, vulnerability testing, security monitoring, computer forensic analysis, or intrusion detection, prevention, correlation, and analysis; or an equivalent combination of technical experience and education.
• Technical knowledge in logical and physical security in application, operational, facility, network, and computer (server, workstation, mobile, etc.) security.
• Experience in securing operating systems and network infrastructure.
• Experience in securing fundamental networking protocols: DNS, HTTP, TCP, UDP, TLS, IPSEC, 802.1x, NFS.
• Fundamental systems administration and deployment knowledge for Linux, Windows, Tomcat, Apache, Oracle database, Cisco IOS devices, etc.
• Possess one or more of the following unexpired credentials or certifications as a member in good standing with the parent credentialing organization: Security+, CISSP, SANS, CEH, OSCP, GPEN, ISAM/ISRM, or other relevant industry security certification.
Skills and Abilities
• Understanding of cryptography and encryption fundamentals (symmetric/asymmetric, Public Key Infrastructure, Key Management, attacks on cryptography, etc.).
• Understanding of common cyber tactics, techniques, and procedures and the appropriate mitigations.
• Strong interpersonal and communication skills, including verbal, written, and documentation abilities.
• Must possess the ability to make accurate analytical decisions.
Preferred Qualifications
• Experience implementing, managing, and supporting a vulnerability management platform.
• Certified Ethical Hacking (CEH) and network penetration testing experience.
• Vulnerability assessment process and tools experience.
Physical Requirements and Working Conditions
• This role is 100% on-site and does not offer a hybrid or remote option.
• A valid state-issued driver’s license is required to operate a Ports Authority-owned motor vehicle.
• Vision is required to analyze and process various forms and documents utilized within the framework of performing assigned tasks.
• Hearing is required to adequately perform telecommunication functions.
• Ability to verbally communicate clearly with vendors, customers, co-workers, etc.
• Some irregular work hours may be necessary to perform regular assigned computer work.
• This role may require the signing of a Non-Disclosure Agreement (NDA) to protect confidential company information.