Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and
software that are required to effectively manage the computer network defense, service provider
network and resources. Monitors network to actively remediate unauthorized activities.
Job Duties to include the following:
This position reports to the Information Security Officer. The primary duties of this job are:
- Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures
(e.g., intrusion detection/protection systems, anti-virus, and content blacklists) for specialized cyber defense
- Perform system administration on specialized cyber defense applications and systems (e.g., anti-virus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup, and restoration.
- Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.
- Build, install, configure, and test dedicated cyber defense hardware.
- Assist in assessing the impact of implementing and sustaining a dedicated cyber defense infrastructure.
- Administer test bed(s), and test and evaluate applications, hardware infrastructure, rules/signatures, access controls, and configurations of platforms managed by service provider(s).
- Create, edit, and manage network access control lists on specialized cyber defense systems (e.g., firewalls and intrusion prevention systems).
- Identify potential conflicts with implementation of any cyber defense tools (e.g., tool and signature testing and optimization).
- Implement Risk Management Framework (RMF)/Security Assessment and Authorization (SA&A) requirements for dedicated cyber defense systems within the enterprise, and document and maintain records for them.
- Assist the CISO in developing a decentralized security model within the corporation that is based on appropriate checks and balances to assure compliance and accountability.
- Assess compliance of security policies and practices in accordance with regulations such as Sarbanes-Oxley, GLBA and HIPAA.
- Work closely with internal audit in all areas of security and system controls.
Other duties may be assigned.
Requirements to include the following:
- B.S. degree (preferably in Computer Science) or equivalent information security experience required.
- Minimum 8-10 years of information security, IT or risk management experience. Has written corporate security policies and participated in developing a corporate security strategy.
- Strong understanding of security fundamentals.
- Broad understanding of multiple technologies, including Windows operating systems, iSeries, networking, firewalls, scanners, security policies, physical security, cryptography, PKI, directory services, VPN, etc.
- Must have excellent oral and written communication skills.
- Must possess excellent facilitation skills. Ability to facilitate workshops.
- Must be able to communicate the progress of the project to Senior Management.
- Excellent presentation skills.
- Certification as a Certified Information Systems Security Professional (CISSP) is preferred. Professional certification as SANS GSEC is a plus.