This position requires a seasoned professional in IT Security and Compliance who independently implements security controls, analyzes and implements IT security devices and systems, and regulates network access. The professional will be responsible for a wide range of security responsibilities, with a focus on planning, analyzing and deploying solutions on premise while also considering cloud solutions in AWS or Azure. The professional is expected to work within cross-functional project teams and is responsible for the overall health and performance of a system, while frequently working with technology providers and developers to deliver and maintain secure solutions. The professional is expected to operate and perform at the highest levels of confidentiality and integrity.
? Design, develop, test, integrate, implement and document information security solutions for all OSI model layers such as (but not limited to) proxies, remote access, firewalls/gateways and intrusion detection/prevention systems of moderate to high complexity
? Apply security policies to meet security objectives of the system
? Analyze current cybersecurity features, integrate new security features into existing infrastructures, and help to resolve integration and testing issues
? Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation
? Serve as a security technical lead on enterprise IT projects through the creation and implementation of detailed designs, as well as a security liaison while working with other security experts to identify and remediate security concerns during project implementation
? Properly document all systems security implementation plans, operations, and maintenance activities and update as necessary
? Subject Matter Expert on all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction
? Support complex operational tasks that are assigned as part of project implementation
? Assess adequate access controls based on principles of least privilege and need-to-know
? Perform detailed troubleshooting in support of system remediation efforts
? Act as security representative for cross-functional troubleshooting teams to aggressively identify and correct enterprise issues
? Mitigate/correct security deficiencies identified during security testing and/or recommend risk avoidance/acceptance for the appropriate senior leader
? Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities
Basic Qualifications: Candidates for this role should possess a Bachelor’s degree and three years of prior relevant experience or in the absence of a degree, six years of prior relevant experience.
? Must possess a strong understanding of TCP/IP networking principles and secure coding practices
? Must be able to obtain a security clearance
? Must be able to independently own, lead and drive security projects to completion
? Must be a team player willing to engage and work with other team members
? Must be able to professionally frame risk management decisions, and work with leadership to determine best course of action for securely moving the business forward
? Must be able to professionally communicate security concerns and positions to non-security and/or non-technical audience
? Must have experience with Windows and Unix-based operating systems
? Security certifications (e.g. Security+, GCIA, GCIH, CISSP, CEH, GIAC, AWS Cloud Architect/Security, or Microsoft 365/Azure Security)
? Apply security policies to meet security objectives of the system.
? Apply service-oriented security architecture principles to meet organization s confidentiality., integrity, and availability requirements.
? Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
? Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
? Implement specific cybersecurity countermeasures for systems and/or applications.
? Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
? Properly document all systems security implementation, operations, and maintenance activities and update as necessary.
? Assess the effectiveness of security controls.
? Assess all the configuration management (change configuration/release management) processes.
? Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements.
? Analyze and report system security posture trends.
? Assess adequate access controls based on principles of least privilege and need-to-know.
? Implement security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed.
? Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
? Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
? Verify minimum security requirements are in place for all applications.
? Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
? Work with stakeholders to resolve computer security incidents and vulnerability compliance.
? Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.