Information Security Analyst - What should I expect in the interview?
f16jetman
Member Posts: 108
Today I have a technical phone interview for an Information Security Analyst position. I have never interviewed for a security position (or an analyst position), so I am not sure what to expect during the interview. Can any of you who are currently in InfoSec provide any tips?
I picked the wrong profession. Too much studying. :study:
Thus says the Lord: “Let not the wise man boast in his wisdom, let not the mighty man boast in his might, let not the rich man boast in his riches, but let him who boasts boast in this, that he understands and knows me, that I am the Lord who practices steadfast love, justice, and righteousness in the earth. For in these things I delight, declares the Lord.” Jeremiah 9:23-24
Comments
-
f16jetman
Member Posts: 108
I have done that, or else I wouldn't have applied.
Job description:
The Information Security Analyst will be part of a team supporting penetration testing activities and documentation work. The Information Security Analyst will be responsible for a variety of tasks including but not limited to:
· Assisting in the maintenance of a vulnerability management process,
· Penetration testing and audit readiness testing,
· Vulnerability Management & Patching,
· Generating Vulnerability Management & Patching reports with all relevant actions and information,
· Assisting in the management of InfoSec Programs,
· Analyzing vulnerabilities, and other findings,
· Providing administrative support,
· Researching and authoring policies and procedural documents, and
· Participating in peer review of deliverables.
The Information Security Analyst will primarily need knowledge of tools like Nessus, Nexpose, Burp Suite and Kali Linux, other network and application scanning tools, and other security assessment tools, audit tools, and vulnerability scan tools. The analyst will work closely with team members, managers, system owners, information security officers and other customers.
Additionally, the Information Security Analyst will assist in supporting other security program functions such as audit efforts, quality control, continuous monitoring, risk management and responding to ad hoc data calls. The ideal candidate will possess a solid technical and writing background with a desire to learn and be involved in establishing and maturing an Agency-wide information security program.
Minimum Qualifications:
· A Bachelor's Degree or degree in process for Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline. Experience can be substituted for education.
· 1-2 years or more of relevant job experience.
· US Citizenship.
· Must be able to obtain and maintain a DOE clearance
· Strong writing, editing, and oral communication skills including the ability to communicate complex technical issues to non-technical staff.
· Demonstrated ability to prioritize and manage competing work assignments in a time sensitive environment.
· Strong inter-personal and communications skills.
· Experience with composing professional email correspondence.
· Demonstration of ability to solve problems using best practices and systematic approach.
· ***Interns that have combinations of these skills will also be considered.
Required Tool Experience
· MS Office Suite (Word/Excel/Outlook)
Desired/But Not Required Tool Experience
· Tenable Nessus Vulnerability Scanner
· Nexpose Vulnerability Scanner
· Burp Suite Vulnerability Scanner
· Kali Linux and tools
· Security Content Automation Protocol (SCAP)
· Symantec Endpoint
· Demonstrate skillsets and experience in addressing vulnerabilities in: Microsoft Windows Client/SQL/Server, RedHat, SSL, VMWare, SSH, SNMP
· Other network and application scanning tools.
Desired Qualifications:
· Experience working with National Institute of Standards and Technology (NIST) guidelines.
· Experience applying, analyzing and assessing information systems and security controls (NIST SP 800-53, Rev 4).
· Understanding of attack vectors and methodologies.
· Knowledge of and experience with applying Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS).
· Experience working with perimeter technologies (e.g., firewalls, proxies, NIDS) and vulnerability management tools.
· Interest in learning the concepts of business development and capturing new business
· SANS, Security+, CASP or equivalent security certification
· Experience with vulnerability management, patch management and configuration management best practices.
-
scaredoftests
Mod Posts: 2,780
I would imagine they would ask your experience in MS office suite, scanning and such. Brush up on all the desired qualifications.
Never let your fear decide your fate....
-
f16jetman
Member Posts: 108
Ok, thanks cyberguypr and scaredoftests.
-
mikey88
Member Posts: 495
You have the desired certifications. As long as you took your time to learn the materials, you'll be fine.
Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux
-
cyberguypr
Mod Posts: 6,928
Based on this description I would be ready to talk about some major, highly publicized vulns. Something along the lines of Heartbleed, EternalBlue, Spectre/Meltdown, etc. Nothing too in-depth, but be able to speak at a high level on how they work and potential mitigation options.
In regards to vulnerability management process, they may ask you about common tools. Again, just awareness of major ones should suffice, no need to be an expert. It would also help to be aware of the stakeholders in the process: CISO, system/security engineer, asset owner, etc. Prioritization of remediation is also a big thing that I would expect to come up.
They mention NIST, so again, understand at a high level those that apply to the posting.
Do not forget about soft skills. Real security shops are there to enable the business and establishing and keeping those relationships is essential. I've had way too many technical peeps come through my desk that have zero business acumen. Immediately reduces their chances.
The absolute most important thing: admit when you don’t know something. Communicate your willingness to learn and grow as a professional.
-
mikey88
Member Posts: 495
Good tips by Cyberguypr.
It's an entry level (1-2yrs exp) government position based on the job description. Don't sweat it too much. You'll mostly be doing vuln scanning, patching and making sure systems are compliant. It's not a glamorous job. Good Luck.
-
veritas_libertas
Member Posts: 5,746
Off topic, but I find that the title Security Analyst is generic and applied to almost any security position.
I agree with the above suggestions. Also, Daniel Miessler has a nice set of questions and answers that should help you:
https://danielmiessler.com/study/infosec_interview_questions/