IT Security Administrators are responsible for a broad range of tasks including administration of information security tools and devices, security information and event management. The individual in this position interacts closely with product vendors and service providers, with personnel from various IT departments including the application development, operations, network, and privacy teams. IT Security Administrators are assigned to moderately complex systems, projects and initiatives. IT Security Administrators also implement policy as well as install and configure various types of software.
Essential Job Functions
- Perform installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security and host-based security systems.
- Recommend, schedule and apply patches, remove or otherwise mitigate known control weaknesses
- Perform remedial actions as a result of threat and vulnerability assessments or audits.
- Locate and repair security problems and failures
- Prepare and analyze security incident and event data reporting
- Train others on the use of security tools and resolution of security issues
- Develop and maintain documentation for security systems, procedures and security diagrams
- Research, recommend, evaluate and implement information security solutions
- Monitor and analyze unusual or suspicious activity and make recommendations for resolution
- Serve on projects and initiatives to develop, plan and implement network and distributed system security technologies
- Serves as a liaison with product vendors and service providers in support of application development, operations, network and privacy teams
- Perform system and application vulnerability testing
- Support information security architectural requirements.
- Serve on projects, initiatives or work groups as assigned which may include Event Management, Identity and Access Management, Risk and Control Assessment, Threat and Vulnerability Management.
Minimum Job Requirements
- 6 or more years of work experience in IT Security or equivalent combination of transferrable experience and education.
- Bachelor’s degree in an IT related field or equivalent work experience
- Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response and identity and access management
- Knowledge of network infrastructure including routers, switches, firewalls and associated network protocols and concepts.
- Strong technical knowledge of current systems, software, protocols and standards. including TCP/IP and network administration/protocols
- Experience developing, documenting and maintaining security procedures.
- In-depth knowledge of operating systems and security applications, as well as a working knowledge of basic network protocols and tools.
- Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.
- Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.
- Ability to communicate highly complex technical information clearly and articulately for all levels and audiences.
- Ability to manage tasks independently and take ownership of responsibilities
- Ability to learn from mistakes and apply constructive feedback to improve performance
- Strong customer focus with ability to manage customer expectations and experience and build long-term relationships.
- Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel.
- Ability to adapt to a rapidly changing environment
- High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.
- Relevant certifications – CISSP, CISM, CEH, Security+, CCNA, SSCP
- Network or System Administration background
- Information Security Authentication and Authorization development, SAML, Single Sign-on, Federation, Identity Management
- Network and Host based Intrusion detection and prevention (IDS/IPS, firewalls, Network Access Control)
- Host Security Products (HIPS, AV, scanners, etc.)
- Secure Web Gateway administration
- PKI, SSL, Key Management, and other encryption technologies.