Responsible for ensuring the appropriate operational security posture is maintained. Responsible for creating and maintaining security documentation, verifying that systems are hardened and patched, diligent monitoring of system security controls, expeditious handling of security incidents and auditing for policy compliance. Responsible for implementing new security functionality and making system changes to security servers and devices. Plans, coordinates and implements security measures to safeguard information against unauthorized modification, destruction or disclosure. Monitors and audits workstations, servers and networks to detect and prevent unauthorized access to systems. Responsible for network administration, including design, installation, permissions and maintenance. Under the general direction of the Executive Director or her/his delegate, the Information Security Officer is responsible for the development, recommendation and/or implementation of an agency-wide security strategy. This includes, but is not limited to, the creation and maintenance of policies, standards and procedures, and the overall management of all security violations, security risks and other security matters, as needed.
location: Durham, North Carolina
job type: Permanent
work hours: 8am to 5pm
- Responsible for administration of Firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Application Firewalls, Security Information and Event Management systems (SIEM), Remote User Access (VPN), Web/URL Filtering systems, Application Security Testing systems, Authentication systems and Proxy systems.
- Audits logs on a routine basis for security events including intrusions, viruses, hackers, spam, security incidents and other malicious activity. Works with the Incident Response and Handling teams to resolve security events. Prepares Incident Reports as required.
- Installs, configures and maintains both network and application firewalls. Creates, modifies and deletes authorized firewall and network access rules to ensure proper network boundary protections are in place.
- Configures and monitors security monitoring systems such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and Security Information and Event Management systems (SIEM). Tunes security log integration and analysis rules for these systems to reduce both false positives and false negatives.
- Performs vulnerability scans on a routine basis as well as for all new system installations in accordance with Vulnerability Scans and Configuration Control procedures.
- Installs, configures and monitors remote access control systems such as Virtual Private Network (VPN) and SSL-VPN products.
- Installs, configures and monitors boundary protection systems such as Web/URL filtering products and proxy systems.
- Installs, configures and maintains Endpoint Security systems, multi-factor authentication systems, public DNS systems and load balancers.
- Consults with IT team members during the Functional Design phase of development efforts to ensure new applications meet appropriate security requirements.
- Works with Information Technology staff, users, peers and vendors to research and diagnose security-related problems; develops, implements and documents problem resolutions.
- Routinely reviews security, vendor and other available sources for newly discovered vulnerabilities or newly released patches that should be applied to Systems. Advises other system administrators of these vulnerabilities and assists them as needed in securing their systems.
- Performs and/or coordinates internal and external audits and penetration attempts to ensure perimeter devices and internal servers are hardened properly.
- Ensures appropriate authorization and access controls are in place.
- Maintains and documents network architecture and access control. Participates in design, installs, configures and maintains network devices and network access control systems. Monitors and troubleshoots network issues. In addition, secures network devices, configures network permissions, encrypts network transmissions, and monitors systems to ensure transmission integrity.
- Works with the Development and Quality Assurance teams to create application security testing plans to ensure new and changed application programs meet security requirements.
- Provides training and mentoring to appropriate individuals, such as peers, and the management staff, on recommended security practices.
- Responsible for the development of the Agency Security Policy and any associated procedures to ensure compliance with federal, state and industry laws and regulations in consultation with the Information Management Steering Committee.
- Serves on the Enterprise Change Control and Change Advisory Boards to ensure the security of Systems is not compromised.
- Directs and supervises the work of Security Analyst I.
- Assists management as needed and performs other duties as assigned.
- Bachelor's Degree in Computer Science, Information Technology, Management Information Services or a closely related field; or equivalent combination of education and experience.
- One or more of the following certificates are highly recommended: Global Information Assurance Certification (GIAC), Global Security Essentials Certification (GSEC), Cisco Certified Security Professional (CCSP), Certified Information System Auditor (CISA), or Certified Information Systems Security Professional (CISSP).
- Three years of experience working with a variety of security products in a production environment.
- Three years of experience in network administration, preferably with Cisco products.
- Experience with administration of a variety of operating systems, such as Windows Server, Linux, Unix and/or i5/OS.
- Two years of experience interpreting, implementing or otherwise working with a security framework such as NIST 800-53.
- Knowledge of firewall administration software including but not limited to Stateful Packet Inspection Firewall and Application Security Firewall.
- Knowledge of various security software including but not limited to:
  - Web/URL filtering software;
  - Security Information and Event Management (SIEM) software such as enVision;
  - SSL VPN technologies;
  - Intrusion Detection Software (IDS);
  - Network authentication and access control software;
  - Two-factor authentication software;
  - Vulnerability assessment tools.
- Knowledge of networking including, but not necessarily limited to, routing, TCP/IP packet analysis, TCP/IP, BGP (Border Gateway Protocol), advanced routing, Metro-E architecture and subnetting.
- Knowledge of cyber security laws and regulations from a State and Federal perspective.
- Knowledge of system change management including but not limited to software configuration, and build and release management.
- Knowledge of cloud security technologies, best practices, monitoring and risks.
- Knowledge of disaster recovery methodologies and tools.
- Security Officer skills including:
  - Ability to perform network penetration testing and analysis;
  - Ability to perform computer forensic investigations and develop response strategies;
  - Ability to write and implement Information Security policies.
- Annual Budgeting, maintenance reviews and contract interruption.
- Excellent oral and written communication skills; ability to communicate technical information in an easily understood format.
- Ability to read, analyze and interpret an extensive variety of technical instructions and manuals.
- Excellent analytical and problem-solving skills including the ability to define problems, collect data, establish facts and draw valid conclusions.
- High level of initiative, effort and commitment.
- Project management skills; ability to meet deadlines and bring projects to completion.
- High standards of ethical conduct, including honesty and integrity.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.