The Cybersecurity Specialist reports to the Head of Infrastructure & Information Security, works closely with IT and business stakeholders to safeguard all critical system assets through proper cybersecurity framework and practices, and help organization become more proactive in addressing vulnerabilities and threats. As the internal expert in the field of information security and cybersecurity, the Cybersecurity Specialist has the overall accountability of establishing, monitoring, managing, and maintaining the technologies and processes used to secure company information systems and networks.
The successful candidate must demonstrate a strong ability to manage and improve operational security functions, implement risk-based solutions, develop and maintain security metrics, promote security best practices across the organization and partner with stakeholders from various IT and business teams. Focus areas will include managing security requests, investigating, and responding to alerts and incident tickets, developing and maintaining security documentation, network and endpoint security management, vulnerability management, identity and access management, incident response, SIEM and log management, cloud security operations, overall security monitoring and reporting. Additionally, the candidate will be responsible for contributing to internal control testing related to client and regulatory audits (e.g. PCI, HIPAA, SOC1/2) by gathering and submitting proper technical evidence based on control testing needs and ensuring controls tests are completed comprehensively and on time.
This position works with other stakeholders and the Infrastructure & Information Security leadership team in responding to and managing all security events and incidents to ensure the protection of company and client assets across the business.
Primary Responsibilities and Duties:
- Monitor and manage the Information Security request queue, including analysis and resolution of outstanding issues and process improvement.
- Manage endpoint and network security environments including overall health, policy modifications, troubleshooting/resolving issues and producing monthly health metrics for workstations, servers, and identities.
- Analyze and resolve security events/alerts Including:
- monitoring and management of the SIEM platform
- managing the logging health of various log sources (e.g., Windows and Linux systems, cloud infrastructure and services, and network and security infrastructure).
- Supports and manages the vulnerability management platforms for infrastructure and application scanning. Including:
- development and maintenance of scanning policies
- onboarding assets
- validation and false positive research
- remediation tracking
- process improvement
- Supporting PCI, SOC1/2, HIPAA, and client security assessments. Includes gathering, uploading, and reviewing evidence.
Minimum Education and/or Experience Requirements:
- Bachelor’s degree plus at least 10 years of industry experience, with 3+ years of Information Security / Cybersecurity experience
- Minimum working knowledge of:
- penetration testing
- vulnerability management
- SIEM/log analysis
- network security
- endpoint security
- Active Directory
- Windows/Linux security
- email security
- DLP concepts
- incident response
- Familiar with NIST Cybersecurity Framework and mapping of internal controls
- Familiar with endpoint security products and concepts (e.g., malware protection, network protection, forensics, DLP, EDR/MDR/SOC).
- Exposure to adjacent technology domains such as cloud, network infrastructure, audit & compliance, and application development lifecycles
Required Knowledge, Skills and Abilities:
- Strong knowledge of Information Security / Cybersecurity related technologies, processes, and tools.
- Working knowledge of Office 365 security concepts, policies, settings, alerting, audit logging, security and compliance center, cloud app security is required.
- Staying up to date on recent threats, security tools and concepts is required.
- Experience implementing Amazon & AWS security tools and concepts.
- Experience with network security concepts and products (e.g., Cisco/Barracuda firewalls and Intrusion Prevention Systems, email (O365), and Web Application Firewall (WAF).
- Familiar with security monitoring (SIEM), analysis and resolution of security events/alarms (SolarWinds a plus).
- Familiar with identity and access management concepts (e.g., Azure Active Directory, MFA, SSO, user access reviews).
- Familiar with CIS top 20, SOC1/2, PCI, HIPAA, or related security frameworks.
- Familiar with application-level security framework and hands on experience mitigating application vulnerabilities and threats, such as SQL injection and cross-site scripting.
- Strong analytical and problem-solving skills
- Strong Windows Active Directory and Networking experience a plus
- Security focused degree and/or certifications a plus (e.g., BS/MS in Cybersecurity or related discipline, CEH, OCSP, CISSP, CISA, CompTIA Security+, etc.)
This position is required to ensure compliance with all legal, ethical and regulatory standards for employment actions. Judgment is exercised to determine when items need to be escalated to management for approval or resolution.