Info Security Analyst

    • Job Tracking ID: 512165-664352
    • Job Location: Westminster, CO
    • Job Level: Any
    • Level of Education: Any
    • Job Type: Full-Time/Regular
    • Date Updated: January 31, 2019
    • Years of Experience: Any
    • Starting Date: ASAP
    • Days of the Week: Mon,Tue,Wed,Thurs,Fri
    • Hours: full time M-F 8-5
Invite a friend
facebook LinkedIn Twitter Email

Job Description

pay based upon experience: $62,000 - $90,000


Reporting to the AVP of IT Operations the IT Information Security Analyst will be responsible for the overall security of network and system infrastructure and related resources. This will include architecture and auditing of firewalls, switches, routers, systems, and associated supporting systems. This position will also be responsible for all log correlation and event monitoring, incident response, intrusion detection / breach prevention, policy development, and security related regression testing of all applications and systems.



  • Act as an internal subject matter expert for all aspects application, system, and network security.

  • Maintain an active working knowledge of all emerging security trends including the latest attack methods, vulnerabilities, and remediation techniques.

  • Perform routine penetration testing and vulnerability assessments against new and existing nodes.

  • Validate endpoint security and patch management methodologies are being followed.

  • Monitor and investigate all network and system device logs for security breaches. Correlate all security device reports on a monthly basis and provides insight into potential issues directly to the AVP of IT.

  • Act as the principle responder to all security related incidents.

  • Continually scans all network traffic to validate that DLP systems are functioning as expected.

  • Preform monthly audits of all permissions within the network and application stacks.

  • Review software and firmware versions for all hardware and applications. Recommends upgrades and updates all devices and applications as necessary.

  • Establishes system controls by providing a policy framework for hardening all devices based on NIST, NCUA, FFIEC, GLBA, etc. standards. Validates policy compliance based on those standards.

  • Assists in program development of organizational security awareness training including direct end user training.

  • All other duties as assigned.




  • 4 year college degree or equivalent work experience. CISSP, SSCP, CCNA/ CCNP Security or any certification from ISC, GIAC, Cisco a plus.


Experience Required:

  • 2+ years’ experience in an enterprise security role preferred.


Required knowledge:

  • Working knowledge, understanding, and compliance of financial institution business processes and regulatory requirements including technology solutions used in financial institution operations.

  • Excellent communication/influence skills required, including reports, presentations, group facilitation skills, and ability to develop professional relationships. Ability to convey concepts and issues to both technical and non-technical audiences.

  • Proven ability to partner and communicate effectively across all levels of the organization and develop positive working relationships.

  • Demonstrated conceptual thinking and analytical skills.

  • Solid understanding of network security (firewall, IPS, IDS, data encryption) and telecommunication technologies.

  • Thorough knowledge of hardware and software systems to support medium size business enterprise network and data center environment.

  • Strong expertise in PC and server configurations including Windows and Unix/Linux as necessary to support a security infrastructure.

  • A general understanding of desktop/server virtualization concepts, procedures, and best practices.

  • Good process orientation and ability to clarify objectives, evaluate options, consider implications, assess risks, and make key decisions.

  • Sound planning, organizational, time management, and problem solving skills.

  • Good project management and documentation skills.

  • Demonstrated ability to meet deadlines and commitments in an environment that requires multitasking among concurrent projects.



  • A significant level of trust and diplomacy is required, in addition to normal courtesy and tact. Scope of work will include access to sensitive data and financial perspectives requiring extreme confidentiality. Communication may involve motivating or influencing organizational leaders.

  • Strong organizational and time management skills.

  • Willingness to participate in an on call rotation as well as work after hours as necessary.



  • Standard office conditions

  • Low to moderate noise

  • Limited lifting up to 50 lbs.



This description has been reviewed to ensure that only essential functions and basic duties have been included. Peripheral tasks, only incidentally related to each position, have been excluded.Essential functions, requirements, skills, and abilities included have been determined to be the minimal standards required to successfully perform the positions.In no instance, however, should the duties, responsibilities, and requirements delineated be interpreted as all-inclusive.Additional functions and requirements may be assigned by supervisors as deemed appropriate.


In accordance with the Americans with Disabilities Act, it is possible that requirements may be modified to reasonably accommodate disabled individuals. However, no accommodations will be made which may pose serious health or safety risks to the employee or others or which impose undue hardships on the organization.

The Credit Union believes that each employee makes a significant contribution to our success.That contribution should not be limited by the assigned responsibilities.Therefore, this job description is designed to outline primary duties, qualifications, and job scope, but not limit the incumbent.It is our expectation that each employee will offer his/her services wherever and whenever necessary to ensure the success of our endeavors.

Job descriptions are not intended as and do not create employment contracts. The organization maintains its status as an at-will employer.Employees can be terminated for any reason not prohibited by law.





Experience and Skills