Description
Responsible for support and operation of security infrastructure, monitoring systems, and reporting tools. Assists in managing security-related configurations, platform hardening, and other control systems for servers, network devices, cloud environments, and software solutions. Evaluate IT service requests for security concerns and potential issues, providing feedback to stakeholders. Integrate with IT infrastructure and application development projects to represent security concerns and initiatives. May lead small security projects related to administration efforts.
Responsibilities
- Contribute to the development of Information Security policies, standards and procedures. Assist operations and development teams in aligning operating procedures with information security best practices.
- Participate (and captain) Security Incident Response Processes.
- Participates in Enterprise Security Red Team program and associated tabletop activities, analyses, and drills.
- Apply internal controls and security concepts in a wide variety of information technology processes and appropriately assess the exposures resulting from ineffective or missing controls.
- Participate (and lead) enterprise vulnerability management program and associated processes.
- Coordinate with development teams around Application Security best practices, application vulnerability scanning, penetration testing, and data privacy processes.
- Serve as an internal information security consultant to business, development, and infrastructure teams, advising internal business units with current information about best practices, changes to the threat landscape and security related regulatory issues.
- Within the area of assigned responsibilities, provides direct training to all employees, contractors, alliances, or other third parties, ensuring proper information access in accordance with established organizational information security policies and procedures
Required Skills
- Bachelor degree in discipline related to functional work or role with 4-7 years of relevant work experience OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience.
- Previous experience leading sensitive investigations.
- Previous experience with customer and business-facing communication.
- Previous experience presenting in-front of large groups and/or to executive leadership
- Previous experience with the concepts of application security (AppSec) including basic control structures and threats. Application vulnerability management and/or penetration testing a plus.
Strong proficiency and/or previous experience securing the following:
- Microsoft Office Suite (Traditional/Office 365)
- Google G Suite
- Microsoft Server Platforms
- Microsoft Endpoint Platforms
- OS X/MacOS
- Linux: Debian, CentOS
- Firewalls: Palo Alto Networks, Cisco
- Endpoint Security: Symantec, Sentinel One
- SIEM and Logging: Splunk, LogRythym
- DDoS: Radware, Arbor Networks
- Vulnerability Management: Nexpose, OpenVAS, Burp, ZAP
- WAF: Citrix NetScaler, Imperva
- Databases: SQL Server, Oracle
- Application Servers: IIS, Apache, Nginx
- Ecosystems: .Net, Java, PHP