Responsibilities:
1. Participate in developing an IT strategic plan, evaluate/review existing infrastructure security configuration, and plan recommendations for future enhancements/solutions for environments of 300+ users.
2. Conduct accurate network inventory and security assessments through vulnerability testing and risk analysis.
3. Perform both internal and external security audits.
4. Analyze security breaches to identify the root cause.
5. Read, understand, and recommend solutions based on the results of internal and external audits.
6. Verify the security of third-party vendors and collaborate with them to meet security requirements.
7. Use network monitoring tools and security incident event monitoring to carefully examine network traffic and to identify both external and internal threats to ensure security specifications meet the client’s infrastructure guidelines.
8. Work closely with the IT team in designing and implementing a multi-layer security strategy.
9. Participate in the execution of disaster recovery testing.
10. Provide security expertise to business applications ensuring they are deployed and implemented securely.
11. Research and design short- and long-term changes and enhancements to the infrastructure. Ensure the network and systems dependent upon the communications infrastructure operate efficiently and effectively.
12. Review access/security logs, report findings, and provide recommendations to the Director of IT.
13. Work with various stakeholders and assist in the development and maintenance of the access control matrices as they apply to various applications.
Requested Qualifications:
14. Minimum of 3-5 years of IT security experience.
15. Degree must be in Computer Science or a related field (e.g., Cyber Security, Information Technology, Information Assurance, Information Security, Information Systems, Computer Engineering, Systems Engineering, Computer Forensics).
16. Should be familiar with a variety of hardware and software platforms, with an understanding of core technologies such as TCP/IP, DNS, and DHCP as they pertain to security risks and mitigation.
17. Experience implementing the NIST Cyber Security Framework (NIST 800-53) and CSC20 control standards. Knowledge of IT data security compliance programs preferred, including HITRUST, SOC 2, HIPAA/HITECH, NIST/CMS, or similar (e.g., FINRA).
18. Experience working with networks of 300+ users.
19. Proficient with OS security for Windows and Linux.
20. Relevant experience must be in computer or information systems design/development, programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, and/or systems engineering. Network and system administration may account for some, but not all, of the experience.
21. Demonstrated experience creating detailed reports of risk findings and recommendations/roadmaps for improvement.
22. Must be able to work independently and/or in teams to accomplish stated goals.
23. Familiarity with project management or experience participating in projects with longer timeframes is a plus.
24. Experience with ethical hacking, intrusion prevention, incident response, computer forensics, and reverse engineering.
Desired Current Certifications:
25. Certified Expert Independent Assessors
26. CompTIA Security+
27. CompTIA Network+
28. CWAPT Certified Penetration Tester
29. Certified Reverse Engineering Analyst
30. Certified Ethical Hacker
31. GDPR
32. HITRUST Assessors
What we can offer:
33. A fun and fulfilling place to work
34. Competitive pay
35. Health, dental, vision & life insurance
36. 401k retirement savings plan
37. Yearly handbag allowance
38. Product discounts
Benefits:
39. 401(k)
40. Dental Insurance
41. Disability Insurance
42. Employee Discount
43. Health Insurance
44. Life Insurance
45. Paid Time Off
46. Vision Insurance