Vacancy expired!
- Responsible for the day-to-day risk management, threat assessment, and incident response; remediate and reduce risk through identification of larger security threats.
- Develop, execute, and track the performance of security measures to protect information and network infrastructure.
- Plan, configure, and manage security tools and processes to ensure security controls are met and leveraged against security standards baseline.
- Create and update project timelines to build out security services, procedures, business processes technologies, and controls; identify security needs based on ongoing testing and inventory review.
- Perform Compliance and Audit management review through Governance, Risk, and Compliance (GRC) Tooling.
- Manage the standardization and testing of security system controls to ensure continuity and resilience of security operations.
- Identify and validate vulnerabilities from a variety of sources; act as a resource and guide to engineering teams to provide guidance on resolving vulnerabilities.
- Monitor information systems for security incidents, threat notifications, and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends.
- Research system vulnerabilities such as malware, ransomware, and other exposures to cloud or system infrastructures.
- Respond to information security incidents, including investigation of, countermeasures to, and recovery.
- Document security incidents; notify leadership, stakeholders, and necessary partners of security threats, as necessary.
- Create reports related to a variety of security protocols including but not limited to system vulnerabilities, risk threat, assessment, and rating, and root cause analysis.
- Serve as a key and/or primary stakeholder in security projects.
- Participate in the audit process by external organizations.
- Mentor and train colleagues on security protocols to raise awareness of security hygiene to lower threat risk.
- Bachelor's Degree in Information Technology (IT) or a technology security focused discipline.
- Or, any combination of education, experience, or certification which would provide the required qualifications for the position.
- 6+ years of experience in Cloud Architecture and Networking.
- Experience working in an environment with one or more of the following: Sarbanes-Oxley Act (SOX), Security Operation Center (SOC), Payment Card Industry (PCI), or National Institute of Standards and Technology (NIST)
- Experience working on cloud-based, enterprise applications and systems.
- 6+ years of experience in Information Security Program.
- 6 + years of experience in Information Technology.
- Certified Information Security Systems Professional (CISSP).
- Networking, Architecture and Security Certifications such as Information Systems Security Architecture Professional-(ISSAP) or Certified in Risk and Information Systems Control (CRISC).
- Microsoft Azure Certification (e.g. Security Engineer, Security Operations, Identity and Access Administration, Information Protection Administrator, etc.)
- Knowledge of security vulnerability tools and management.
- Knowledge of architecture security planning.
- Knowledge of Audit and Compliance policies, procedures, and reporting.
- Knowledge of Framework adoption.
- Knowledge of IT Security policies, procedures, and best practices.
- Knowledge of access control systems and physical security systems/components.
- Knowledge and understanding of adversary tactics, techniques, and procedures (TTPs), threat detection, response, and recovery.
- Knowledge and understanding of threat and vulnerability management processes including metrics to measure performance.
- Knowledge and understanding of crisis operations, risk management, and crisis communication.
- Knowledge and understanding of Windows, Azure Infrastructure, and administrative functions to support security risk queries.
- Ability to design secure networks, systems, and application architectures.
- Ability to manage tactical daily operations and participate in strategic security project plans.
- Ability to work independently as a self-starter in a fast-paced environment.
- Ability to demonstrate excellent organizational skills, with the ability to prioritize workload, meet deadlines, and multi-task while maintaining attention to detail.
- Ability to work in a team environment employing a hands-on approach with colleagues at all levels of the organization.
- Ability to demonstrate excellent written, verbal, and technical communication skills.
- Ability to foster collaborative, open, working relationships with technology and other stakeholders throughout the organization.
- Ability to demonstrate sound judgment in making critical decisions.
- Ability to mentor, train, and teach colleagues throughout the organization.
- Ability to establish and maintain effective working relationships through collaboration and respect.
Vacancy expired!