IT Security Risk Analyst

MSR Global is a global consulting firm and advisor on business strategy. We partner with clients from the government, private, public, and not-for-profit sectors in all regions to identify their highest-value opportunities, address their most critical challenges, and transform their enterprises.

This role will be part of the Infrastructure Protection Unit within the Information Technology Group of the Arizona Department of Transportation. This position requires expert level experience and administration duties with security even and incident management systems (SEIM). It also requires expert level experience in security engineering, network security, authentication and security protocols. The position requires hands-on analysis activities such as identifying SQI and XSS vulnerabilities, analyzing packet captures and completing scripting (e.g., PowerShell, VB) tasks. The position requires skill in IT certification activities such as vulnerability scanning, syslog review/interpretation and application security analysis. Documenting system security plans and completing risk assessments are required for this position.

* Administer the security event and incident management (SEIM) system. * Analyze packet captures, network configs, system logs, application code and scripts. * Write scripts to automate manual security tasks. * Complete written security audits and risk assessments. * Identifying web application and database deficiencies and vulnerabilities. * Certify systems based on database configuration, application scans and system configuration settings.

* Bachelor degree with six years of information security experience; or bachelor degree with three years of security risk assessment experience * Three years' experience administering SEIM systems * Firm understanding of information security policies, standards, industry best practices, and frameworks. (ISO 27K, NIST 800 series, FISMA, BITS etc.) * Firm understanding of network security, OSI model, and information security architecture * Demonstrated experience in penetration testing/vulnerability mgmt tools and techniques Preferred Skills * Secure Network administration * Security Event & Incident Management system administration * Packet Analysis & Scripting * Ethical Hacking * Network, Application, Data and Host Security