This position is responsible for a broad range of tasks, including the day-to-day administration of information security tools and devices. The role also includes analyzing systems and projects for alignment with information security requirements.
- Perform system security administration on designated technology platforms, including operating systems, applications, and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines.
- Perform threat and vulnerability assessments, in some cases followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities.
- Provide incident and event data to produce exception and management reports.
- Develop and maintain documentation for security systems and procedures.
- Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution.
- Support and maintain processes related to Periodic Access Reviews and provide administrative support as needed.
- Assist in the management of firewalls, intrusion detection systems, vulnerability scanners, anti-virus, and web proxies.
- Monitor security vulnerability information from vendors and third parties.
- Conduct third-party assessments based on security reviews and provide risk mitigation options and/or recommendations.
- Perform system and application vulnerability testing.
- Research threats and vulnerabilities and, where appropriate, take action to mitigate threats and remediate vulnerabilities.
- Recommend security patches and any other measures required in the event of a security breach.
- Other projects and duties as assigned.
Education
- Bachelor's degree in information systems preferred; demonstrated work experience may be considered in lieu of degree.
Required Experience
- Two or more years of IT or network experience.
Preferred Experience
- Three years of IT Security experience working in a regulated environment.
- Experience working with information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.