To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skills, abilities, and competencies required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Understanding and experience with risk management frameworks – e.g., ISO 27000, SOC2, ITIL, NIST, etc.
- Experience with relevant technology and tools, such as:
- Penetration testing and related tools.
- Application, database, and network vulnerability scanners/managers – e.g., CheckMarx, AppScan, VeraCode, Scuba, DBProtect, Nessus, McAfee Secure, etc.
- Detection and remediation of database vulnerabilities – e.g., Microsoft SQL Server, Oracle, Mongo, etc.
- Detection and remediation of application vulnerabilities and how to remediate them – e.g., injection, scripting, authentication, error handling, etc.
- Understanding of Microsoft server and desktop operating systems.
- Various network routing, switching, and firewall/IDP products – Cisco, CheckPoint, PaloAlto, etc.
- SIEM and log management tools – e.g. LogRhythm, QRadar, RSA, or Splunk.
- Automation/scripting experience strongly preferred – e.g., Python, Perl, C#, PowerShell, etc.
- PowerApps, PowerBI, and PowerPoint a plus.
- Microsoft office products – e.g., Word, Excel, etc.
- Experience performing application, network, and database security reviews, and risk assessments.
- Experience working in a collaborative environment with technical and non-technical information asset owners and teams to manage and remediate vulnerabilities.
- Experience working with incident management, problem management, and/or corrective action processes, as well as (forensic) investigation techniques.
- Ability to work effectively in a remote, virtual team environment.
- Ability to operate in a highly confidential manner.
- Knowledge of current technological developments/trends in area of expertise required. Connection with local security special information groups / organizations preferred.
- Knowledge and understanding of ITIL processes.
- Time Management: Requires strong capability to prioritize competing demands, manage multiple concurrent tasks and run meetings on schedule.
- Project Management: Project management skills required, including the ability to estimate work efforts, define work plans, delegate work, monitor progress and report schedule variances and scope changes.
- Verbal Communication: Requires the ability to compose and verbally deliver information of varying levels, using appropriate grammar, tone, inflection and non-verbal cues, while also listening to and correctly deciphering verbal communication delivered by others.
- Written Communication: Requires the ability and capacity to communicate ideas, facts and data in writing using appropriate grammar, syntax and sentence structure including the ability to create technical documents.
- Analytical Thinking/Reasoning: Requires the ability to understand a situation by breaking it apart into smaller pieces, and/or tracing the implications of a situation in a step-by-step causal way.
- Results Orientation: Requires the ability to strive for optimal results by taking responsibility for timeliness, commitment to task and adherence to performance standards.
- Ethics/Integrity: Requires the ability to behave in a trustworthy & transparent manner.
- Teamwork & Cooperation: Requires the ability to work cooperatively with others and be part of a team.
- Self-Control: Requires the ability to keep emotions under control and to restrain from negative actions or behaviors.
- Customer Service Orientation: Requires the ability to understand and help/assist both internal and external customers and meet their needs.
- Flexibility/Adaptability: Requires the ability to adapt to and work effectively within a variety of situations, individuals or groups, as well as understand and appreciate different and opposing perspectives.
- Conceptual Thinking: Requires the ability to understand a situation or problem by putting the different pieces together to see the bigger picture.
- Interpersonal Understanding: Requires the ability to understand other’s feelings and concerns, and to value individual differences in people.
- Organizational Commitment: Requires the ability and willingness to align his/her own behavior with the needs, priorities and goals of the organization.
- Relationship Building: Requires the ability to effectively build and maintain friendly, warm relationships or networks of contacts with clients/customers.
- Assertiveness: Requires the ability and intent to appropriately display assertive behaviors to ensure others follow and comply with given directions.
EDUCATION AND EXPERIENCE
- Must have a baccalaureate degree in information technology, security, or related field, from an accredited U.S. college or university, or equivalent foreign institution.
- Must have a minimum of five years relevant work experience.
CERTIFICATES, LICENSES, REGISTRATIONS
One or more of the following certifications is desirable:
- ITIL: Information Technology Infrastructure Library
- CISSP: Certified Information Systems Security Professional
- GIAC Certification(s) (Security Essentials, etc.)
- CEH: Certified Ethical Hacking
- CompTIA Security+
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
This description is intended to describe the type and level of work being performed by a person assigned to this position. It is NOT an exhaustive list of all duties and responsibilities required by a person so classified. The job may require additional hours beyond a traditional 40-hour workweek.