Bachelor's degree (B.A.) from four-year college or university; or four years information security and two years advanced information security experience and/or training with an emphasis on engineering functions; or eight years of combined information systems and information security experience; and/or equivalent combination of education and experience.
Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) and/or Certified Cloud Security Professional (CCSP) are strongly preferred. Must have advanced knowledge with PC and LAN servers, IT systems, and other Information Security related technologies. Has advanced technical skills in network servers, workstations, and applications.
Must have working knowledge of:
• Windows 2008+ Server Operating System Support and Configuration
• Azure Cloud Security Architecture and Implementation
• Certificate Authority and Key Management
• General Understanding of Linux/Unix
• Intrusion Protection Systems / WAF
• Fluent ability to operated Security Information and Event Management solution
Configures multiple products, both hardware and software, to interact with each other; devises solutions to a changing threat landscape as it evolves.
Responsible for assessing, recommending, developing, implementing and maintaining the firm's computer security infrastructure and security standards.
Provides technical engineering expertise in the selection, testing, implementation and deployment of information security systems. This includes the evaluation of new security products, and their interoperability with existing firm equipment.
Provides technical support and direction in information security monitoring, assessment, configuration, maintenance, auditing and testing.
Performs security event and intrusion analysis on a daily basis and mitigates any incidents that are medium to critical in nature. This may include troubleshooting non-security related equipment at the network layer level.
Performs penetration testing, including wired and wireless, social-engineering, and application security vulnerability assessments as required by management.
Provides guidance and input to technical reviews of proposed security projects and the certification and accreditation process.
Independently and, as a team member, plans, executes and documents security tests and evaluation.
Performs engineering and analysis of in-place technical and non-technical security controls protecting information and information systems. Uses advanced technical skills in network security design and implementation, including non-security related equipment interfacing as needed.
Has advanced understanding of the OSI model and how to apply the OSI model to daily troubleshooting and network security projects.
Manages information security aspects of IT projects, ensuring security protocols are in place and in compliance with other applicable information security policies. Reviews project plans for other IT teams to determine security requirements, and follows up to ensure security of new systems.
Provides guidance to non-senior security staff on information security and any security related projects.
Lead for security risk assessments and penetration studies of networks for both security and non-security equipment. Recommends solutions for security vulnerabilities and takes corrective measures and/or applies security patches when appropriate.
CyberArk experience highly preferred.