Principal Duties and Responsibilities
- Manage, configure and support on-premises and cloud-based information security monitoring systems including, but not limited to, Dell SecureWorks, Microsoft Office365/Azure security consoles, Cisco Umbrella and Palo Alto Panorama.
- Review and triage information from the sources listed below. In all cases, provide analysis, determine and track remediation, and escalate as appropriate.
  - Information security monitoring systems
  - Third party threat intelligence
  - Vendor vulnerability information
- Coordinate activities of vendors performing vulnerability, risk analysis and penetration testing.
- Oversee and coordinate remediation steps with responsible Information Systems teams and other departments as needed.
- Manage and oversee internal department auditing function, which includes review of: user accounts; elevated privileges; patch and security configuration status; and information access.
- Manage the maintenance and development of the policies and procedures related to the Firm's Information Security Management System (ISMS).
- Actively participate in the Firm's Computer Security Incident Response Team (CSIRT) and Information Security Forum (ISF).
- Participate in the client security assessment and review process including: communication with client information security team, completion of written assessments, compilation of requested evidence, and participation in client audits.
- Perform other related duties as required by the Firm.
Position Specific Skills and Requirements
- Strong knowledge of current security threats, techniques, and landscape, as well as a dedicated and self-driven desire to research current information security landscape.
- Ability to research, develop, and keep abreast of tools, techniques, and process improvements in support of security detection and analysis in accordance with current and emerging threat and attack vectors.
- Strong understanding of internal control concepts and policies with focus on improving process/procedure manuals and documentation.
- Familiarity with the ISO 27001 certification process a plus.
- Strong knowledge of Incident Analysis and Response concepts and techniques, including incident tracking process, root cause, lessons learned and process improvements.
- Strong writing skills.
- Working knowledge of network devices and architecture, TCP/IP, network protocols, server operating systems, vulnerability scanning, endpoint protection, intrusion detection, firewalls, and content filtering.
- Knowledge of MFA, PKI, Palo Alto, Cisco ASA, IDS/IPS, Kiwi, SolarWinds, Nessus, Windows, Linux/Unix, VMware, forensic discovery, Certificate Authority (CA), Kerberos, SSL, HTTPS, LDAP, Active Directory, Group Policy, DNS, NTFS, SharePoint, Remote Access, Citrix, VDI, ACLs, etc.
- Experience with various social engineering and penetration testing approaches/tools for vulnerability identification, enumeration, and purposeful exploitation to determine the security posture of a network, system, or application's security configuration.
- Ability to handle sensitive and/or confidential material and information with suitable discretion
- Ability to take on additional tasks as defined by the Director of Infrastructure & Security.
- Excellent communication skills
Education and General Requirements
- Bachelor's degree, preferably with strong academic record.
- Information Security certification strongly preferred.
- provided by Dice