Information Security Analyst I

What you'll do:

As an Information Security Analyst I in our Incident Response program, you will be responsible for identifying, investigating, and responding to security incidents and threats to protect the organization's information assets. You will work in a fast-paced environment, collaborate with various teams, and ensure that incidents are promptly addressed to minimize the impact on the organization's operations.

Primary Responsibilities and Duties – This role will be focused on these key functions,:

• Monitor, analyze, and investigate security events and incidents across the organization's network, systems, and applications.
• Conduct technical analysis of security incidents, including malware analysis, packet analysis, and log analysis, to determine the scope and severity of the incident.
• Perform incident response activities, such as containment, eradication, and recovery, in coordination with other IT and security teams.
• Develop and maintain incident response plans and procedures, and ensure they are up-to-date and tested.
• Collaborate with other teams, such as the IT infrastructure team, DevOps team, and Risk Management team, to ensure timely and effective response to security incidents.
• Provide guidance and recommendations on security controls to mitigate risks and prevent future incidents.
• Conduct post-incident reviews and analyses to identify lessons learned and improve incident response procedures and practices.
• Attend relevant training to ensure skills are developed and kept relevant to organizational needs.

Additional knowledge domains – Secondary areas where your knowledge and experience may be able to contribute to the larger team, these are not areas the role is accountable for, but participation is encouraged to foster a stronger team.

• Network Security: Responsible for Firewalls, IPS/IDS, Proxies, URL Filtering, IP Whitelist/Blacklisting, Geo-fencing, DDoS protection, VPNs, NAC, posturing systems, and other security technologies for both physical and cloud operations.
• VMware System Security: Responsible for working with Infrastructure teams to analyze and maintain existing structure or create new, secured, virtual environments. Knowledge of the VMware stack, Horizon, Workspace One, and NSX required.
• System Security: Responsible for working with Infrastructure teams to analyze and maintain existing structure or create new, secured, domain environments. A thorough knowledge of Microsoft domains, including Active Directory, Azure AD, DHCP, DNS, Kerberos, Group Policy, Scripting, Patch Management, Endpoint Management, AV & EDR Tools, FIM tools, SNMP/WMI/Syslog management and monitoring.
• SIEM/SOC Security: Responsible for SIEM tools feeding SOC operations, including ongoing management, tuning, alert thresholds, initial investigation and validation of threats, and building functional reports to relay threat analytics to stakeholders in a digestible format.
• Incident Response & Forensics: Accountable for Incident Response handling and forensics using appropriate methodologies to acquire and preserve evidence in a manner consistent with legal requirements for admissible evidence. Ability to perform root cause/post-mortem analysis.

What you'll bring:

• Bachelor's degree in Computer Science, Information Systems, or related field.
• Minimum of 3 years of experience in cyber security incident response or related field.
• Experience with incident response tools and technologies, such as SIEM, IDS/IPS, endpoint detection and response (EDR), and forensic tools.
• Knowledge of network protocols and security technologies, such as firewalls, VPNs, and encryption.
• Strong analytical and problem-solving skills, with the ability to analyze large and complex data sets.
• Excellent communication and collaboration skills, with the ability to work effectively with teams across different departments and levels of the organization.
• Relevant certifications, such as GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH), are preferred.

Preferred Skills:

• Critical Thinking -- Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
• Active Listening -- Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times.
• Writing -- Communicating effectively in writing as appropriate for the needs of the audience.
• Skilled at communicating and prioritizing threats and vulnerabilities to a diverse audience, and be able to confidently express and assist with proper remediation methods
• Collaborative -- Willingness to work with others, in both a technical and general domains, to understand actual risk and impact of incidents and to convey these ideas to others; for purposes of containment and eradication, and in support of remediation efforts.

Achieve well-being with:

• Hybrid and work from home opportunities
• 401 (k) with employer match
• Medical, dental, and vision with HSA and FSA
• Competitive vacation and sick time off, as well as dedicated volunteer days
• Access to wellness support through Employee Assistance Program, Virgin Pulse, Talkspace, and fitness discounts
• Up to $5,250 paid back to you on eligible education expenses
• Pet care discount for your furry family members
• Financial support in times of hardship with our Achieve Care Fund
• A safe place to connect with other employees through our six employee resource groups

Attention Agencies & Search Firms: We do not accept unsolicited candidate resumes or profiles. Please do not reach out to anyone within Achieve to market your services or candidates. All inquiries should be directed to Talent Acquisition only. We reserve the right to hire any candidates sent unsolicited and will not pay any fees without a contract signed by Achieve’s Talent Acquisition leader.

All your information will be kept confidential according to EEO guidelines.

Achieve is a leading digital personal finance company. We help everyday people move from struggling to thriving by providing innovative, personalized financial solutions. By leveraging proprietary data and analytics, our solutions are tailored for each step of our member's financial journey to include personal loans, home equity loans, debt consolidation, financial tools and education. Every day, we get to help our members move their finances forward with care, compassion, and an empathetic touch. We put people first and treat them like humans, not account numbers.