Information Security Administrator

US-MD-Bowie
1 month ago(12/19/2017 11:53 AM)
Job ID
2300
Min
USD $65,000.00/Yr.
Max
USD $100,000.00/Yr.

Overview

FIND YOUR PURPOSE.  JOIN OUR MISSION

 

As one of the largest credit unions in the region and top performing in the nation, NASA Federal Credit Union members enjoy banking with an organization that's well established, financially sound and thrives on technology. With a strong heritage to serving the needs of individuals in the science, technology and engineering fields, the credit union philosophy of People Helping People has always been a priority.

 

We offer a generous compensation and benefit package:

  • 401(k) match to 5% of earnings – immediate enrollment and 100% vesting
  • Choice of two health plans – 80% employer contribution
  • Dental – 85% employer contribution
  • Life Insurance – no cost
  • Long-term Disability Insurance – no cost
  • Employee Assistance Program – no cost
  • Paid vacation
  • Paid sick time
  • 10 Paid holidays
  • Profit Sharing eligible

 

JOB SKILLS/DUTIES SUMMARY

  • Ensures the secure operation of the Credit Union’s infrastructure.
  • Troubleshoots and resolves application or infrastructure security issues. This requires detailed knowledge of multiple systems, as well as an in-depth understanding of the functionality for these systems.
  • Monitors security logs, scrutinizing anomalous infrastructure events, establishing and updating security baselines, and troubleshooting.
  • Technical expertise on multiple platforms is required.
  • Participate in audit support activities, as they pertain to Information Security, for both internal and external audits. Perform audit support tasks as assigned.
  • Analyzes and resolves security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits where required.

WORK SCHEDULE

Hours may vary, but are generally 8:00 am to 4:30 pm.  Schedules are determined by the supervisor.  Overtime may be required. There will be periods of “on-call” duty.

Responsibilities

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following:

Other duties may be assigned.

 

  • Design and implement safeguards to minimize risks, maintain compliance, and enable security.
  • Stabilize, Standardize, and Simplify (S3) technology infrastructure and applications to optimize support resources.
  • Protect the integrity and security of the Credit Union network, data, and infrastructure.
  • Administer and maintain end user accounts, permissions, and access rights.

 

Level I:

  • Facilitates the day-to-day operations of the in-place security solutions.
  • Identifies, investigates and resolves security incidents detected by those systems.
  • Participates in the implementation of new security solutions
  • Participates in the creation and or maintenance of policies, standards, baselines, guidelines and procedures, and reports.
  • Demonstrates the ability to identify organizational risk and escalate appropriately.
  • Keeps current with emerging security alerts and issues.
  • Demonstrates familiarity with the NIST Cybersecurity Framework.
  • Enforces established policies, procedures and associated plans for system security administration and user system access.
  • Assists with the deployment, integration and initial configuration of all new security solutions and of any security solution
  • Reviews logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution.
  • Assists with coordination of penetration testing to identify system vulnerabilities.
  • Assists with audit or examination preparations and required responses.
  • Applies scheduled fixes and security patches consistent with change management practices.
  • Participates in investigations into anomalous security

Level II (in addition to the requirements of a level I):

  • Ability to research, analyze and resolve complex problems with minimal supervision and escalate issues as appropriate
  • Implements and maintains policies, procedures and associated plans for system and network security administration and user system access. Oversee enforcement of these policies and procedures.
  • Respond to unauthorized access incidents or member information usage that could result in substantial harm or serious inconvenience to a
  • Maintains up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Performs the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
  • Performs and/or oversee penetration testing of all systems in order to identify system vulnerabilities.
  • Assist with documenting responses to external audits, intrusion attempts, risk assessments, cyber-crime and vulnerability assessments.
  • Performs and documents risk assessments, as well as, investigates and remediates independent risk assessments.
  • Maintains, tunes, and analyzes alerts from network security devices including IDS/IPS, NAC, SIEM, Firewalls, and other network devices.
  • Manages security patches, fixes, and overall support of security tools consistent with change management practices.
  • Manages security-related incident response activities and security breach remediation.
  • Maintain operational security and cyber-security operations (e.g., incident response, security infrastructure management and monitoring services).
  • Provides regular security reporting to management.
  • Manages connection security for local area networks, the company website, the company intranet, and e-mail communications.
  • Manages and ensure the security of databases and data transferred both internally and externally.
  • Downloads and tests new security software and/or technologies.
  • Provides on-call support for end users for all in-place security solutions.
  • Provides security information and reporting to the Information Security Oversight Committee (ISOC).
  • Identifies reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing PI and PHI.

Level III (in addition to the requirements of a level II):

 

  • Provides technical guidance to junior staff.
  • Provides support and expertise to projects that require security expertise. Typically consults to project teams addressing projects of moderate size and complexity and where the security issues are clearly evident and can be addressed using various approaches.
  • Acts as an expert providing direction and guidance to process improvements and establishing policies.
  • Diagnoses security issues that may involve extensive analysis and recommends resolutions to management.
  • Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.
  • Ability to balance project work with day-to-day administrative tasks and troubleshooting in a highly dynamic business environment.
  • Researches opportunities to resolve persistent IT security issues and improve overall IT security architecture.
  • Effectively contributes to the development of controls and processes improving information security services.
  • Expected to provide security expertise across multiple technical platforms.
  • Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.
  • Researches and recommends additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
  • Exercises significant independent judgment within broadly defined policies and practices to determine best method for accomplishing work and achieving objectives.
  • Deploys and/or manages all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
  • Develops procedures for the execution of security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company systems (e.g., email, data, ecommerce and other internal or customer facing systems).
  • Lead information security resources for projects.
  • Manages and/or provides guidance to junior members of the team.
  • Manages the analysis and reporting of security activities to management.

Qualifications

EDUCATION and/or EXPERIENCE

Level I:  Associates degree in computer related studies or the equivalent in education and work experience.  Working knowledge of IT infrastructure and networks, as well as, the security measures required to protect corporate networks.  Effective problem solving and interpersonal skills required.  Excellent verbal and written skills required to provide effective communication and customer service.  Works under the direct supervision of an experienced IT security professional.

 

Level II:  Bachelor's degree in Computer Science or related discipline or the equivalent in education and work experience.  Two to four years of IT security administration, IT systems administration, or network administration experience.  Proven experience in the implementation and maintenance of IT security frameworks and systems.  Competent to work independently in most areas displaying an understanding of the security implications of technology within the business.

 

Level III:  Bachelor’s degree in Computer Science or related discipline or the equivalent in education and work experience. Three to five years of IT security administration, IT systems administration, or network administration experience. Proven experience in overseeing the design, development, and implementation of IT security frameworks and systems. Competent to work at the highest technical level regarding security implications of technology in the current business environment.  Under general direction, guides and advises less-experienced information security professionals.

 

All levels: Preferably possesses one or more industry certifications, such as:

  • CompTIA Security+
  • GIAC (Information Security Fundamentals)
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CCNA Security (Cisco Certified Network Associate Security)
  • SSCP (Systems Security Certified Practitioner)
  • MCSA (Microsoft Certified Systems Administrator) with specialization in Security
  • OSCP (Offensive Security Certified Professional)
  • GSEC (Cyber Security Essentials Certification)

#CB

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed