Desired Skills and Experience
- Bachelor’s Degree in Computer Science (or related field)
- Minimum 3 years’ total experience in Information Technology, with at least 2 years specifically in Information Security.
- One or more security certification such as SANS/GIAC, CISSP, CISA, CISM, CEH, required
- Scripting/programming skills (PowerShell, Bash, Perl, Python) and familiarity with ethical hacking
- Experience with Windows Server 2008/2012, RHEL, and CentOS
- Knowledge of UNIX and Windows environments as may pertain to Network and Security tasks including syslog, DNS, load balancers, Windows Event Log
- Review technical security posture (network, application, database) for existing and newly acquired businesses or services
- Perform security review and monitoring of the production environment setup permissions of users, open ports/services and overall network setup
- Examine network, server, and application logs to determine trends and identify security incidents
- Use security tools to audit infrastructure, detect issues and coordinate remediation of any issues
- Manage Payment Card Industry (PCI) requirements such as internal/external network scanning and cryptography methodologies
- Perform monthly scans of the internal and external networks for critical or high vulnerabilities for adherence to PCI and SOX
- Set up dashboards and review production logs and look for patterns of possible security incidents SIEM solutions such as Splunk, QRadar, LogRhythm, ArcSight, and ELK
- Follow, develop and improve network and security configuration procedures
- Review requests for increased network access and provide risk-analysis.
- Deliver, maintain and improve security awareness training.
- Manage endpoint security tools like antivirus, antimalware and incident response tools.
- Experience with various security tools such as Retina, Nessus, FireEye, Snort, Nexpose, McAfee, Symantec, Carbon Black, BlueCoat, NMap, Metasploit, etc.
- Work with other teams to remediate discovered deficiencies.
- Requires excellent oral and written communication skills to work effectively with others regardless of departmental or geographic boundaries
- Requires the ability to produce detailed technical documentation
- Requires experience developing and presenting recommendations to peers and management
- Requires good organization skills to produce quality work, within required specifications, and within scheduled timelines
- The position requires individual initiative and ability to influence events, rather than passively accepting them, in order to achieve goals. This means being proactive and a self-starter and going beyond specific job responsibilities to ensure goals are achieved or exceeded