The Municipal Securities Rulemaking Board (MSRB) seeks an Information Security Analyst who will play a key role in safeguarding our organization by actively engaging in operational security procedures. The Information Security Analyst will manage day-to-day security tasks, which include managing alerts, investigating phishing incidents, resolving end user inquiries and maintaining and troubleshooting security tools and platforms. Additionally, the analyst will help enhance existing controls, implement new security measures, and stay abreast of emerging threats to cybersecurity.

Key Responsibilities:

Operational Support:

• Directly triage and respond to security alerts, phishing reports, and end-user requests on a regular basis.
• Identify and resolve issues in MSRB controls, systems, and applications.
• Support maintenance and troubleshooting activities for the Information Security program, including maintenance related to visibility, logging, SIEM, and anti-malware controls
• Support vulnerability management processes, such as scanning, assessments, penetration testing, and remediation efforts.

Continuous Improvement and Attack Surface Reduction:

• Identify and implement improvements in vulnerability management, anti-malware and SIEM platforms.
• Assist with implementation of new security tools and controls to enhance the organization's security posture.
• Proactively monitor and understand the evolving threat environment and cybersecurity developments.

Enterprise Security:

• Apply expertise in enterprise security, including networking and security measures for systems in physical offices, end-user laptops, conference room computers, etc.
• Identify configuration issues and improvement opportunities.
• Lead and assist defense-in-depth efforts.
• Review and improve security-related SaaS configurations.
• Assist with Identity and Access Management efforts, including access reviews and implementation of least privilege.

Communication, Education, and Security Awareness:

• Assist with incident response efforts.
• Assist with selection and management of security awareness courses, simulated phishing campaigns, and other routine education exercises.
• Communicate security policies and best practices to end-users, fostering a security-conscious culture.
• Assist staff with monitoring for and ensuring compliance with security policies, procedures, standards, and guidelines.
• Educate staff on associated risks and benefits of technologies.

Qualifications:

• Bachelor s degree in Computer Science or related studies OR three year of experience in an IT support role, maintaining computer hardware/network support.
• Knowledge of malware analysis technologies and standard processes and common commercial off the shelf Malware Tools is required.
• Must have experience working with Windows 10 and Windows 2012/2016 server operating systems.
• Experience with remote connectivity and supporting users connecting to the office, network switching, firewall security, internal/external DNS and SMTP is preferred.
• Candidates should demonstrate foundational knowledge and understanding of Information Security or technology principles, frameworks, and concepts.

No third-party agencies, please.