Our client in DC has an immediate opportunity for an Information Security Specialist!
Must Have Experience with the Following:
- Experience working in a cloud environment
- Experience monitoring threat and vulnerability with a Network Vulnerability Management Software
- Experience using a web application security assessment tool
Preferred but not required:
- Any experience with a SIEM tool (Security incident and event management)
- Bachelors in IT related field
- One or more of the following certifications (active) are strongly preferred: CISSP, CCSP, CISA, CISM, CRISC, SANS: GIAC, GSEC, GWAPT
The Information Security Specialist provides assistance with safeguarding information assets by identifying and analyzing potential and actual security incidents. This position is responsible for evaluating, monitoring, and implementing information security initiatives and identifying issues in technology, software or services.
- Administering the vulnerability management program. Reviewing and responding to known and possible network attacks, vulnerabilities and alerts
- Maintaining and reviewing secure access to program servers, file shares, and security groups
- Proficiency performing audit analysis of accounts and process management to include permission lists, organizational changes, separated employees, inactive accounts etc.
- Developing measures to prevent unauthorized software from being installed and executed on systems
- Recommending and supporting the development and management of network security and incident response policies and procedures
- Proficiency archiving and reviewing system audit logs and all other pertinent log files that will support incident response activities
- Maintaining records on configuration and patch management tools to ensure that patches/system modifications maintain the desired security posture
- Developing/revising technical standards for security devices, security operations, and other operations as required
- Proficiency developing measures to prevent unauthorized software from being installed and executed on systems
- Interacting with information security vendors and holding information security vendors accountable to technology and services obligations to the organization
- Ensuring that change control procedures are strictly followed for all changes to all production systems.
- Proficiency analyzing security incidents and escalation of security events 24x7.