Department: Information Technology

Position Summary:
Ensures proper security measures and controls are in place to maintain integrity of core business applications and systems. Coordinates and executes information security control activities related to SAS 70 audit activities. Monitors information systems to ensure appropriate information access levels and authorizations are maintained. Assists in the execution of security assessments of core applications and associated IT systems to identify potential risks, evaluate internal controls, and ensure information security requirements are upheld. Performs configuration of security event and information management system to provide proper alerting based on defined correlations and thresholds. Maintains and oversees implementation of technology to monitor systems and applications within IT infrastructure. Monitors information system logs for unusual or suspicious activity. Interprets activity and coordinates activities to resolve identified issues. Conducts regular security reviews of user accounts and associated privileges of critical systems within IT infrastructure. Works with various business departments to coordinate regular reviews of security access. Defines security requirements to be included as part of business application and technology implementations. Investigates potential security issues and documents findings as part of security incident reporting requirements. Monitors enforcement of policies, procedures and associated plans for information security and user system access based on industry-standard best practices. Assists in recognizing and identifying areas where security policies and procedures require change or new ones need to be developed. Conducts vulnerability assessments and track remediation status of identified vulnerabilities. Keeps current with emerging security alerts and issues. Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.

Requirements:

• Bachelors degree in Computer Science/Information Systems or equivalent combination of education and experience.
• 3 years of experience in Information Technology, with 1-2 years dedicated Information Security experience required.
• Knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices.
• In-depth technical knowledge of network, PC, and platform operating systems (Windows, Unix/Linux, Cisco IOS, etc.). Strong understanding of TCP/IP and networking/system vulnerabilities.
• Strong analytical/problem solving skills. Reporting skills essential.
• Hands-on experience administering a security information and event management (SIEM) system preferred.

Status: Full Time

Type: Exempt

In order to be considered for this position, please apply online. Questions? Please Contact: