| Position Summary
The candidate will be primarily responsible for assisting in design of the protection of the confidentiality, integrity, and availability of proprietary information by monitoring, analyzing, enhancing and maintaining technical security controls in support of the Information Security Program. The ideal candidate will be a security professional for specific current and emerging technologies including in the areas of mobility, cloud, and collaboration. Motivated, self-starting, continuously learning candidates will enjoy the best of both working in a tight-knit team and having individual responsibility and independence.
- Serve as a member of Network Services team performing varying security duties including threat awareness, network analysis and incident response.
- Supports internal and external security regulatory compliance framework.
- Collects and prepares documentation from various systems and collaborates with network services team to support implementation of O365 and Azure ATP.
- Tracks the status of security exposures and works with Network Services team and other stakeholders to remediate them.
- Performs IT Audit activities and testing of controls.
- Works with Information Security management to develop and maintain security policies, practices and standards.
- Support vulnerability scanning activities interprets the results and validates potential exposures. Experience with tools such as Nessus, Qualys, Burp Suite, NMAP, Metasploit and other similar tools.
- Support infrastructure including Active Directory, VMWare, Storage Arrays, and Network equipment.
- Work within the ADE ticketing system as needed to address certain support activity tickets meeting manager expressed SLA.
- Advanced knowledge of network architecture design principles, practices, implementation and LAN/WAN maintenance.
- Experience with hands on troubleshooting with firewalls, routers, and switches.
- Advanced understanding of Layer 2 and Layer 3 technologies (routing/switching, BGP, EIGRP, MPLS, Spanning-Tree).
- In-depth knowledge of Layer 4-7 app aware firewalls.
- Palo Alto Networks (AV, Threat Protection, URL Blocking, and Global Protect), Cisco routers and switches (ISR, Catalyst 4500, 2960), and Cisco Wireless, Extreme Wireless.
- Host level security knowledge (Windows, *nix, and VMWare).
- In depth knowledge of Active Directory and Group Policy.
- Mobile security knowledge (brokered/virtualization options, device security, bring your own device (BYOD) considerations, MDM familiarity, iOS/JAMF use, Android).
- Experience with Office 365 Advanced Threat Protection, Data Loss Prevention, Data Governance, Data Privacy, Mail Flow, and Mobile Device Management.
- Knowledge of and experience with security regulations, standards, and processes including CIS, PCI, FERPA, FFIEC, and NIST.
- Experience in the public sector is preferred.
- Experience working on an Agile/Scrum team is preferred.
- Familiarity with risk management methodology, evaluating risks against business requirements, determining probability and impact of weaknesses based on knowledge of the system or environment and TTPs used by adversaries.
- Familiarity with assessment and security logging tools such as Nessus, Security Center, Acunetix, Nmap, Splunk, and other similar tools.
- Ability to effectively collaborate with IT and business experts.
- Ability to work as part of a self-directed team, in which tasks are determined daily in coordination with co-workers, rather than being assigned.
- Ability to excel in a collaborative and distributed team environment.
- Ability to work with a minimal amount of direction while being pro-active in keeping their management informed of project related issues.
- Ability to work under pressure.
- Ability to respectfully question ideas and share a point of view with others in support of the business requirements and needs.
- Ability to effectively communicate with various levels of employees ranging from entry level to senior leadership.
- Ability to manage multiple projects at the same time and shift priorities quickly.
- Proven strong problem-solving skills, troubleshooting and root cause analysis.
- Excellent written and verbal communication skills.
- Strong aspiration to learn modern technologies.