Follett Corporation is the world's largest single source of books, entertainment products, digital content and multi-media for libraries, schools and retailers. Headquartered in Westchester, Illinois, Follett provides education technology, services and physical and digital content to millions of students at 70,000 schools and more than 2,850 physical and virtual campus stores in North America.
Under the guidance of the Director of Information Security, the IT Security Analyst will be responsible for reviewing, analyzing and implementing security controls, functions and processes within the Follett enterprise.
- Administers the security for one or more IT functional areas across the enterprise. Implements and maintains security technology solutions, which may include technology for encryption, firewalls, authorization, authentication, intrusion detection, and gateway security controls.
- Establishing and maintaining user accounts, profiles, ACLs, permissions, and least-privilege security levels within Active Directory and across the infrastructure and auditing role-based security measures.
- Reviewing security system logs on a regular basis to report on any irregularities, issues related to improper access patterns, trending and event correlations.
- Performing Computer Security Incident Response activities and ensuring that proper protection or corrective measures have been taken when an incident/vulnerability has been discovered.
- Implements documented security standards, procedures, processes, guidelines and policies, such as user authentication rules, security breach resolution procedures, security auditing procedures, and use of firewalls and encryption routines.
- Prepares status reports on security matters to analyze security risk and response procedures.
- Monitors and may recommend solutions for correcting issues related to security technology performance and capabilities. May track and monitor software viruses.
- Successfully manage multiple priorities and deadlines.
- Lead internal vulnerability management efforts, including network vulnerability scanning, web application security testing, and other specific security assessment efforts.
- Support internal security audits and assessments of external partners as needed.
- Interface with external partners to explain technical security issues.
- Work with members of Operations functional area to ensure the proper levels of hardening are applied to servers prior to production deployment.
- Provide insight and participation in security based projects.
- Participate as needed in Critical Incident and Implementation reviews.
- Respond to activities deemed to be improper or in violation of Information Security policies.
- Provide input into annual risk assessment, reviews, security awareness training program, ongoing security based projects, updating security policies, security incident response procedures as directed by EIT leadership.
In return for your expertise in these areas, Follett Corporation will offer you the opportunity to showcase your skillset with a leadership that values, recognizes and rewards talent!
~We Look Forward to Working with You!~
Requirements will include:
- Bachelor's Degree or equivalent.
- 5 years direct technical experience implementing information security related technologies such as firewalls, IDS/IPS, SIEM, DLP, and encryption.
- 3 years of experience and training to assess systems based on PCI/DSS standards.
- 2 years of experience conducting information security assessments, such as audits or penetration tests and computer security incident monitoring and response activities and methodologies.
- 2 years of experience performing cyber threat analysis or information assurance analysis.
- 2 years recent experience with Metasploit, Burp Suite, and other various vulnerability scanners (Qualys, Nexpose, Nessus).
- Experience with Firewall policy auditing and network penetration testing.
- Knowledge of security architecture for applications and infrastructure.
- General understanding of information security risk management practices.
- Knowledge of general application technology concepts such as Database and Server security models, file system security (Unix and MS).
- Knowledge and understanding of application change management processes.
- Strong problem solving skills, including the ability to develop innovative risk mitigation solutions that address core issues.
- Strong written and verbal communication skills.
- Technical knowledge of mainstream operating systems (for example, Microsoft Windows and Unix) and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance and desktop security tools.