The Systems Security Analyst plays an integral role by implementing, maintaining and enforcing multiple data/cyber security standards, processes, and initiatives while protecting the confidentiality and integrity of Empyrean’s information assets on multiple platforms.

?       Assist with documenting a secure configuration standard for managed file transfer and email.

?       Configure, manage and monitor FTP systems pertaining to security standard.

?       Configure, manage and monitor outbound secure email gateway policies

?       Analyze file transfers for encryption, file integrity and unauthorized disclosure, to ensure security/encryption policies are adhered to.

?       Conduct vulnerability scans on test, dev. and production systems to ensure all systems are in compliance with latest patches and Empyrean’s security policy

?       Review vulnerability scan reports and manage a remediation process to mitigate risks. 

?       Conduct risk assessments on Active Directory, Windows and LINUX servers and network equipment. 

?       Perform audits of access control list of systems and applications.

?       Set up requested FTP/SFTP sites.

?       Manage all PGP encryption configurations and generation of public/private keys

?       Assist clients with Key Pair generations and successful encrypted file transfers

?       Manage master encryption key ring and Key Vault

?       Conduct periodic audit to ensure encryption policy is being adhered to

?       Monitor and manage Empyrean’s Domain, SSL/SSO certificates

?       Obtaining, creating certificates and deploying certificates to appropriate servers

?       Assist with a developing and enforcing a DLP policy on endpoints at Empyrean.

?       Working in conjunction with Empyrean compliance department, conduct security incident investigations and complete security incident reports

?       Manage Empyreans penetration tests

?       Participate in Internal Security Assessment and Internal/External Audits

?       Assist in RFP process with filling out security questionnaires as required

?       Compete security vendor assessments

?       Create/Review and update policies on annual basis and as required

?       Active member of and participate in weekly security team meetings

?       Review and edit policy documents and create new policy where there are gaps

Qualifications

?       Bachelor’s  Degree considered, also 5  to 8 years equivalent experience in IT Security in lieu of degree

?       Has set up and worked within a Security Program

?       Understanding and working knowledge of SIG

?       Has hands on experience with Security evaluations, questionnaires both in generating and responding.

?       Actively managed a vendor management program

?       Have developed policies where needed and conducted annual reviews of current policies, with ability to recommend changes where needed

?       Knowledge of requirements mandated by regulatory laws such as, HIPAA and the Privacy Act.

?       Knowledge of and worked within NIST (CFS) framework and documenting security technology standards.

?       Be familiar with the ISO 27001, HIPPA security framework.

?       Be familiar with and participated in SSAE-18, SOC l & ll audits

?       Has experience working with Secure email, FTP,SFTP,AS2 systems and applications

?       Understanding and working knowledge of Public Key Infrastructure (PKI).

?       Basic knowledge of networking protocols and the OSI and OWASP models.

?       Knowledge of requirements mandated by regulatory laws such as, HIPAA and the Privacy Act.

?       Knowledge FIPS 140-2 approved encryption algorithms such as AES, 3DES, IDEA, RSA etc.

?       Work toward good understanding of process flows as it relates to integrating MFT with Empyrean’s internal application.

?       Solid background and understanding in networking  concepts, protocols, configurations,  firewalls, routers, network/system/security devices

?       Has experience or exposure to packet captures and analyze data using company approved sniffer tools.

?       Working knowledge of Group Policy and Active Directory.

?       Worked with security tools such as Email/web gateways, eg. Proof Point. Scanning tools, eg. Tenable, encryption tools, SIEM, Bitsight/Security Scorecard, etc.

?       Security certifications preferred  (such as, CISSP, GIAC,CCFP,HCISPP, SSCP,CNP)