Address
Form of workJob Description
Job Descriptions:
An Information Security Specialist interprets information security policies, standards and other requirements as they relate to internal information system and coordinates the implementation of these and other information security requirements. The Information Security Specialist redesigns and re engineers internal information handling processes so that information is appropriately protected from a wide variety of problems including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability. The Information Security Specialist will provide highly specialized experience in one or more information, computer, or network security disciplines (e.g. penetration testing, accreditation, or risk assessment and mitigation); develop system security plans, certification and accreditation reviews; analyze and establish processes for comprehensive systems and data protection; assess and mitigate system security threats and risks; perform security audits, evaluation, risk assessments and make a strategic recommendations; and manages, supports, installs and maintains security tools and systems, and tracks security patches and incidents.
Skills Required:
An Information Security Specialist interprets information security policies, standards and other requirements as they relate to internal information system and coordinates the implementation of these and other information security requirements. The Information Security Specialist redesigns and re engineers internal information handling processes so that information is appropriately protected from a wide variety of problems including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability. The Information Security Specialist will provide highly specialized experience in one or more information, computer, or network security disciplines (e.g. penetration testing, accreditation, or risk assessment and mitigation); develop system security plans, certification and accreditation reviews; analyze and establish processes for comprehensive systems and data protection; assess and mitigate system security threats and risks; perform security audits, evaluation, risk assessments and make a strategic recommendations; and manages, supports, installs and maintains security tools and systems, and tracks security patches and incidents.
Skills Required:
- The Information Security Specialist will possess knowledge and experience in standard methodologies used in certification and accreditation processes; extensive experience following NIST guidelines in risk assessment and management; conducting vulnerability analysis; developing mitigation plans; and performing penetration testing, password protection testing and application security testing.
Skills Preferred:
- Designed, architected, and implemented CyberArk EPV, PVWA, CPM, PSM/PSMS, PTA, JIT on multi-domains\sites in a fully HA environment and integrated with LDAP/Radius.
- Experience with a programming language, preferably Python and PowerShell script.
- Knowledge of cryptography and cryptographic key management concepts Strong communication skills, a desire to build consensus, and comfort in relaying technical and security principles and decisions to various stakeholders.
- Responsible for Privileged User accounts (domain, local, services, and apps); administration of various Windows and UNIX accounts using CyberArk components.
- Created and Managed Safes, Platforms, Policies and Owners. Assist architects/engineers in collecting data and generating reports per specifications using DNA report, Discovery, Client reporter, and Telemetry.
- Maintained Security tool FAQ and Support Documentation Ability to articulate security risks to business.
- Understanding and familiarity with Operating Systems (Unix, Linux, Windows), Network devices, and databases (SQL, Oracle, etc.) Integrate CyberArk with Devolution\SecureCRT\MobaXterm RDM to manage and access secrets.
Experience Required:
- This classification must have a minimum of five (5) years of experience applying security policies, standards, testing, modification and implementation.
- At least three (3) years of that experience must be in information security analysis.
Experience Preferred:
- 5+ years of experience with installation, integration, and deployment of CyberArk Privileged Access Management 5+ years of hands-on experience with CyberArk components consisting of Privileged Session Management (PSM), CyberArk Policy Manager (CPM) and CyberArk Password Vault Web Access (PVWA) in a hybrid cloud/on-premise environment.
- 5+ years experience with merging existing on-prem PAM to another hybrid PAM cloud 5+ years experience with CyberArk Privileged Access Management routine tasks- Access control, User entitlements, password policy, environment optimization, etc.
- 3+ years experience with integration of Loosely Connection device with more than 100,000 workstations -3+ years experience with integration with CCP and Tenable 3+ years experience with CyberArk Privilege access with Linux, Unix, and AIX -3+ years experience with events and telemetry forwarding with Elastic Seach and SecureWorks
- 3+ years experience with cloud infrastructure platforms like AWS/Azure/GCP, etc.
- 3+ years experience with CyberArk integration with Azure AD, SAML, MFA, and Radius 3+ years experience with CyberArk Endpoint Management (EPM) solutions like Just in Time and application control.
Education Required:
- This classification requires the possession of a bachelor's degree in an IT-related or Engineering field.
- Additional qualifying experience may be substituted for the required education on a year-for-year basis.
