IT Systems Security Analyst interview

NetworkNewb Member Posts: 3,298
So going to have an interview within the next couple weeks (just had a phone interview with IT Supervisor and he is going to send me a couple dates that work for him for an in person interview) and wondering what type of questions you guys think they might ask... Here is the job description:

Job Title: IT Systems Security Analyst
Job Summary:
Performs procedures necessary to manage systems security and account permissions to protect information security systems across the enterprise. Validates information security procedures are updated and followed. Audits and grants account permissions to network resources and applications. Performs network scans and reviews security logs and controls. Facilitates the remediation of vulnerabilities, documents and tracks information security issues or incidents. Assists with security assessments based on the direction of the IT Systems Security Supervisor. Administers and monitors data backups and archives.


Job Duties:
  • Performs IT access control administration of user/network provisioning, de-provisioning and user permissions. Access control includes Active Directory and other systems account management, Email, group management, share/file permissions and access control management of services associated with internet and remote access. Performs regular audits of access control and provides reports as requested. Administers and documents standards and procedures associated with access control administration. Performs processes required to maintain system account permissions for organizational job roles.
  • Reviews security controls for new systems being deployed/implemented. Reviews and documents disaster recovery events and validates tests are conducted periodically, properly documented and plans are in place. Performs routine network scans and reviews security logs for traffic patterns and system anomalies. Coordinates remediations of detected vulnerabilities. Reviews the latest news and research to contribute to the organization's information security strategy.
  • Provides support for security assessments. Support includes reviewing activities for compliance with documented standards, assessing system configurations and gathering system artifacts for review. Monitors information security documentation for updates per scheduled requirements.
  • Ensures data/media recovery by setting up and implementing a regular schedule of system backups and database archive operations. Monitors backup status.

Comments

  • MagnumOpus Member Posts: 107
    Sec+, OSI Layer, and ACL questions. If you've nailed down Sec+ you should be good to go. The rest is merely conversation. Good luck mate!
  • Danielm7 Member Posts: 2,310
    Odd that they'd also have you taking care of backups. They'll probably throw in questions about the tools they use to perform most of the tasks you mentioned, since they didn't mention anything specific it'll be more difficult to prep for. But, try to know some of the more common tools, if you haven't worked with them at least know what they do and what you use them for. You might not have used a SIEM, but have you looked at firewall and systems logs? Do you know why you'd want to correlate them? etc.
  • 636-555-3226 Member Posts: 975
    First bullet point is basic identity & access management. Know details of share vs NTFS permissions, security groups, how to create/delete/disable/expire Active Directory accounts.

    Second bullet point sounds like risk management. Project management office is putting in a new HR system but doesn't think they need to encrypt anything over the line or in the backend database. Once they're a week away from going live they ask for your input and you say they did it wrong from the beginning and need to start all over again. They say thanks for your input and go live in a week. Reviewing and documenting disaster recovery events sounds weird - hopefully they don't have a lot of events rising to the DR level!!!!! If you've never used Nessus, download it and the manual (it's free) and learn how to use it. Subscribe to Krebs, SANS Newsbites and @Risk, and listen to the Security Now! podcast on your way to and from work.

    Third bullet point. Doesn't sound like anything. I guess once a year you'll read a document that hasn't been updated in 5 years, suggest to the owners of the document that they update it, have them not update it, and then repeat the process in another year.

    Fourth bullet point. Backups. That's all you really need to say about that. If you want to get more specific, download the Top 20 or NIST SP800-53 or PCI or any other random security standard and see what they dictate for good backup practices.
  • dustervoice Member Posts: 877
    I wouldn't worry too much about what specific questions will be asked, as you could commit a million questions to memory and have none of them asked in the interview. The most important thing to focus on is being confident, honest and as articulate as possible; most times those qualities are much better to have than being able to answer difficult technical questions. If I were you, I would focus on procedures and ways of thinking about an issue/problem, i.e. What is your thinking around vulnerabilities? What are the important things to consider/resources to allocate/management of vulnerabilities by risk/prioritization, etc. From there selecting or using the right technical tools is just a Google search away. When I conduct interviews, if I ask a candidate what the default port number for SSH is and they forget or don't know, I'll forgive them for that, but if I ask "describe to me a secure way of remotely connecting to a server" and they cannot answer that, which is a broader concept, then there is no forgiveness. Good Luck and let your experience shine.
  • NetworkNewb Member Posts: 3,298
    Thanks guys! Definitely some good advice on what to look over.

    The interview is in 11 days so got some time to prepare. Haven't had an interview in a couple years so definitely nervous though!!
  • Danielm7 Member Posts: 2,310
    One thing that had a big impact on getting my current job vs another candidate... Know the current/big security news. This is a field that changes all the time so you can't ever know everything, but if something big has just hit, even the day before, they might bring it up to see how aware you are of the field, it's good to know. In my case one of the big vulnerabilities had hit within the week, think Heartbleed/Shellshock/etc, it was even on the regular news to where even my non-technical wife had heard of it. I took an hour the night before just learning how it worked, how it was caused, etc. The other guy had already claimed he was deep in the security field, he hadn't even heard of it. They were really impressed by that and even told me during the interview how they couldn't believe the other final candidate hadn't even heard of it.
  • MagnumOpus Member Posts: 107
    Danielm7 wrote: »
    One thing that had a big impact on getting my current job vs another candidate... Know the current/big security news. This is a field that changes all the time so you can't ever know everything, but if something big has just hit, even the day before, they might bring it up to see how aware you are of the field, it's good to know. In my case one of the big vulnerabilities had hit within the week, think Heartbleed/Shellshock/etc, it was even on the regular news to where even my non-technical wife had heard of it. I took an hour the night before just learning how it worked, how it was caused, etc. The other guy had already claimed he was deep in the security field, he hadn't even heard of it. They were really impressed by that and even told me during the interview how they couldn't believe the other final candidate hadn't even heard of it.

    ^Huge. Good look out! Krebs on Security is a good start.
  • TechGuru80 Member Posts: 1,539
    -They could ask how you would go about verifying configurations being pushed out. Be at least broadly familiar with gpresult, RSoP, and GPMC.
    -Potentially could ask about audit codes, but let's be honest, that is only a quick Google search if you need it, and logs should be put into a dashboard with a SIEM.
    -I would ask something about what to do in the case of an incident or a suspected incident (document, report, etc.).
    -Possibly they could ask something about a certain type of traffic...or even have packet capture samples. Detecting an attack like a SYN Flood or a port scan.
    -If it were me I would also ask about the different types of backups (full, incremental, differential), and what is a very important part of a backup system (testing the backups and making sure they actually work).
  • OctalDump Member Posts: 1,722
    That job sounds as tedious as all those Info Sec people say.

    I find it curious that you would have responsibility for setting up the back up, and for monitoring/auditing DR. Ideally, these roles should be separate. I guess if it is being adequately overseen...
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • NetworkNewb Member Posts: 3,298
    OctalDump wrote: »
    That job sounds as tedious as all those Info Sec people say.

    I find it curious that you would have responsibility for setting up the back up, and for monitoring/auditing DR. Ideally, these roles should be separate. I guess if it is being adequately overseen...

    Just had the interview today and this job did seem like it could be a little tedious. But with plenty of upside! It is with a large growing company and IT Security department there is fairly new and growing as well. They made it sound like this role could grow into almost any area in Security that I would want to go in. Met with IT Security Supervisor, Network Manager, and Security Architect. Definitely sounded like a pretty sweet opportunity to get my foot in the door.

    Not to mention to get out of Help Desk type roles. The interview went really well, hopefully hear some good news by the end of this week!
  • lsud00d Member Posts: 1,571
    It sounds like a good foot in the door but I have seen similar type roles where the individual is essentially in charge of creating/enabling/disabling AD accounts. If you find this to be the MO don't stick around too long (1-2 years tops).
  • NetworkNewb Member Posts: 3,298
    definitely! ^^ It will be on me to work hard, gain some skills/certs and move up
  • yellowpad Member Posts: 192
    I went to lunch with old Professor today and it made me realize something. Although I have been learning over three years, and passed a few important certs, I HAVE NO CLUE HOW TO ANSWER interview questions. Now I know my weak point. I really suggest those that are looking for a job, practice practice....and practice answering questions....start with, "What's the difference between OSI and TCP/IP model?"

    I nominate this thread to be a "sticky"
    Completed MSCIA f/ WGU~ CISSP 5-days boot camp scheduled :)
  • NetworkNewb Member Posts: 3,298
    Just an update...

    They sent me an offer today!! 26% increase on my current salary and it's a better drive too! 10-15 minutes each way. Zero highway driving.

    They also have an onsite daycare (get a nice employee discount on it) that would save me like $3k or $4k a year as well! Not sure if wife really wants to use it though. She loves our baby's current daycare and know the people take really good care there. But there is that option. Will have to check it out.
  • markulous Member Posts: 2,394
    Congrats! Sounds like a really nice gig.
  • fuz1on Member Posts: 961
    Super congrats! Great job!
    timku.com(puter) | ProHacker.Co(nsultant) | ITaaS.Co(nstultant) | ThePenTester.net | @fuz1on
    Transmosis | http://transmosis.com | LinkedIn | https://linkedin.com/in/t1mku
    If evil be spoken of you and it be true, correct yourself, if it be a lie, laugh at it. - Epictetus
    The only real failure in life is not to be true to the best one knows. - Buddha
    If you are not willing to learn, no one can help you. If you are determined to learn, no one can stop you. - Unknown
  • coffeeluvr Member Posts: 734
    Congratulations on the new gig!
    "Something feels funny, I must be thinking too hard. - Pooh"
  • coreyb80 Member Posts: 647
    Congrats on the gig!
    WGU BS - Network Operations and Security
    Completion Date: May 2021
  • nascar_paul Member Posts: 288
    Congratulations! Great job!
    2017 Goals: 70-411 [X], 74-409 [X], 70-533 [X], VCP5-DCV [], LX0-103 [], LX0-104 []
    "I PLAN to fail!" - No One Ever
  • NetworkNewb Member Posts: 3,298
    Thanks guys!! pretty pumped
  • yellowpad Member Posts: 192
    Congrats!
  • Madmd5 Member Posts: 83
    Congrats! I'm trying to get my foot in the door with security as well. Sounds like a great opportunity for you!
  • NetworkNewb Member Posts: 3,298
    Forgot to mention this, but during the interview I was asked what websites I like to use for IT related things. I mentioned techexams.net and the Security Architect there seemed to like that and she mentioned it is a good website (could be reading this now for all I know ;) )

    Just thought I'd share that.
  • techfiend Member Posts: 1,481
    Yay! Hope it leads to great things for you! No highway is very important here, traffic is awful, especially when it snows. Did you by chance get this through a recruiter or direct apply?
    2018 AWS Solutions Architect - Associate (Apr) 2017 VCAP6-DCV Deploy (Oct) 2016 Storage+ (Jan)
    2015 Start WGU (Feb) Net+ (Feb) Sec+ (Mar) Project+ (Apr) Other WGU (Jun) CCENT (Jul) CCNA (Aug) CCNA Security (Aug) MCP 2012 (Sep) MCSA 2012 (Oct) Linux+ (Nov) Capstone/BS (Nov) VCP6-DCV (Dec) ITILF (Dec)
  • NetworkNewb Member Posts: 3,298
    techfiend wrote: »
    Yay! Hope it leads to great things for you! No highway is very important here, traffic is awful, especially when it snows. Did you by chance get this through a recruiter or direct apply?

    Thanks! Yea, I'm guessing on snowy days it will save me a few hours of driving!

    Applied directly, always kept an eye on this company's job listings since it was a decent size company and was so close.
  • scaredoftests Mod Posts: 2,780
    Congrats!!
    Never let your fear decide your fate....