Job Details
Experience Needed:
Career Level:
Education Level:
Salary:
Job Categories:
Skills And Tools:
Job Description
- Create new information security policies and procedures when needs arise. Maintain and update existing information security policies and procedures. Review the policy on an annual basis and assist management with the approval process.
- Act as a central coordinating department for implementation of the Information Security Policies.
- Create, maintain and distribute incident response and escalation procedures.
- Monitor and analyze security alerts and distribute information to appropriate information security, technical and business unit management personnel.
- Perform reviews at least quarterly to confirm personnel is following security policies and operational procedures.
- Control and monitor access to restricted areas and confidential data. Ensure appropriate physical controls are in a place where cardholder information is present.
- Hands on in Security projects.
- Supervise/coordinate SOC Team tasks.
- Perform penetration tests on computer systems, networks and applications
- Create new testing methods to identify vulnerabilities.
- Perform physical security assessments of systems, servers and other network devices to identify areas that require physical protection
- Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses
- Search for weaknesses in common software, web applications and proprietary systems
- Review and provide feedback for information security fixes
- Stay updated on the latest malware and security threats.
- Serves as an Information Security subject matter expert and participates in the development, implementation and maintenance of information security for the line of business (LOB).
Job Requirements
- Strong understanding of basic computer science: Algorithms, data structures, databases, operating systems, networks, and tool development (not production quality software, but tools that can help you do stuff).
- Strong understanding of IT operations: Help desk, Network Technologies (Firewall, IPS, WAF, etc.), endpoint management and server management.
- Strong ability to communicate: write clearly and speak authoritatively to different kinds of audiences (business leaders and techies).
- Strong understanding of adversary Motivations: cybercrime, cyber hacktivism, cyberwar, cyber espionage and the difference between cyber propaganda and cyber terrorism.
- Strong understanding of security operations concepts: Perimeter defense, data loss protection, insider threat, kill chain analysis, risk assessment, and security metrics.
- Knowledge about SIEM and DLP solutions.
