Description Summary: Internal Security, Senior Analysts will work for Cybersecurity's data protection program in a critical role designed to help protect and defend against the loss of Huntington’s most critical data and the misuse and/or abuse of Huntington’s Corporate systems and information. In this position of high trust, the Data Protection Analyst will triage myriad developing scenarios alerts related to protection of intellectual property and the security of Huntington’s most critical assets. The analyst will become a subject matter expert and play an important role in testing and evaluating new processes designed to help improve visibility into potential gaps in the current operating environment where warranted.Strong Business competencies:
MS Office (Word, Excel, PowerPoint)
Excellent communication skills (writing reports for management/senior management, presenting to small groups/forums, etc)
Multi-tasking effectively in fast pace environment
Advanced analytical problem solving
Cross team or system data collection, correlation and analysis
Leadership:
Independently identify and document programmatic or technological issues
Independently make recommendations for process improvement
Intermediate and hands-on working knowledge of:
Networking Fundamentals (OSI & OWASP Models, TCP/IP, Interconnecting Network Devices, SSH, SSL/TLS Encrypted Communications, X.509 Certificate Management, Kerberos, SMTP, HTTP/HTTPS
Data Privacy Fundamentals (Familiarity with Data Privacy Laws and Regulations Fundamentals, Understanding of Personal Identifiable Information (PII) protection, Basic understanding of Privacy Breach reporting/impact analysis)
Cyber Security Fundamentals (Familiarity with key concepts of Vulnerability Management, Network Security/Secure Transmission Management, Data Loss Prevention, Identity Access Management, Incident Response, IT Risk Management)
IT Infrastructure Fundamentals (Familiarity with key concepts of IT Infrastructure: Client/Server, Middleware services, 3 tiered architecture (Web/Middleware/Server & Databases), Databases, Cloud Services (IaaS, PaaS, SaaS)
Duties & Responsibilities:
Execute and Support the Internal Security domain operational procedures (communication and tracking).
Participate in creating / maintaining Internal Security policies and standards.
Assist in the generation and publication of Internal Security KPI/KRI metrics.
Document activities in accordance with Agile Project Management methodology (Backlog activity, Change Mgmt, Sprint activity planning, etc)
Support and independently execute both scheduled engineering build/configuration events as well as incident(break/fix) events including 24x7 support.
Works closely with the other cyber and IT/TIPS teams, and various lines of business to mitigate risk.
Identify and drive process improvement within Internal Security program, including identifying new sources for implementation of appropriate Data Protection controls and technologies.
Basic Qualifications:
Associates or Bachelor’s Degree in IT Security, Risk Management or Computer Science discipline (military service may qualify)
3-5 year’s experience in Cyber Security background
1-2 year’s experience in Data Protection, Network Security or Incident Response background including experience with the following technologies (DLP, Encryption Hardware/HSMs, Public Key Infrastructure (PKI), Windows Server Administration, TLS/SSL Certificate Management, Venafi, OpenSSL, Data Tokenization.
Preferred Qualifications:
Active Security Certification: Security+; Network+; CISSP; GCTI; CEH; GSEC; CCNA
Intermediate programming skills (read/interpret scripts, composing basic scripts) with any of the following languages: Python, Powershell, Java, Java Script, SQL, JSON, SQL or equivalent
Direct hands-on experience with Cyber Security organization supporting related technologies or services in Data Protection areas
Experienced proficiency with troubleshooting moderately complex IT infrastructure/Server/Networking issues
Experienced proficiency with technical system maintenance (Patch management, configuration management, design documentation management)
Ability to communicate effectively clearly and concisely verbally and through technical writing
Understanding of security architecture and tools which can be leveraged for threat mitigation
Actively support security collaboration with internal and external parties
Exempt Status: (Yes = not eligible for overtime pay) (No = eligible for overtime pay)
YesWorkplace Type:HybridHuntington is an equal opportunity and affirmative action employer and is committed to providing equal employment opportunities for all regardless of race, color, religion, sex, national origin, age, disability, sexual orientation, veteran status, gender identity and expression, genetic information, or any other basis protected by local, state, or federal law.Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.Agency Statement: Huntington does not accept solicitation from Third Party Recruiters for any positionThis employer will not sponsor applicants for the following work visas: F-1 student, H-1B worker, O-1 worker, TN worker, E-3 worker. Applicants must be currently authorized to work in the United States on a full-time basis.