Information Security Administrator - NASA Federal Credit Union Remote (Local) Bookmark Share Print 19 0 1

Listing Description

NASA Federal Credit Union is in search of an Information Security Administrator (ISA) to ensure the secure operation of the Credit Union’s infrastructure.  The ISA will Troubleshoot and resolve application or infrastructure security issues. This position will require detailed knowledge of multiple systems, and an in-depth understanding of the functionality for these systems and monitor security logs, scrutinizing anomalous infrastructure events, establishing, and updating security baselines, and troubleshooting.  The ISA will provide technical support on multiple platforms, as well as participate in audit support activities, as they pertain to Information Security, for both internal and external audits. Perform audit support tasks as assigned.  This position will also analyze and resolve security breaches and vulnerability issues in a timely and accurate fashion and conduct user activity audits where required.
 
Essential Duties and Responsibilities: include the following with other duties as assigned.

Level I:
  • Designs and implements safeguards to minimize risks, maintain compliance, and enable security.
  • Stabilize, Standardize, and Simplify (S3) technology infrastructure and applications to optimize support resources.
  • Protects the integrity and security of the Credit Union network, data, and infrastructure.
  • Administers and maintain end user accounts, permissions, and access rights.
  • Facilitates the day-to-day operations of the in-place security solutions.
  • Assists with the deployment, integration, and initial configuration of all new security solutions and of any security solution enhancements.
  • Participates in the creation and or maintenance of policies, standards, baselines, guidelines and procedures, and reports.
  • Demonstrates the ability to identify organizational risk and escalate appropriately.
  • Keeps current with emerging security alerts and issues.
  • Identifies, investigates, and resolves security incidents detected by security solutions.
  • Demonstrates familiarity with the NIST Cybersecurity Framework.
  • Enforces established policies, procedures and associated plans for system security administration and user system access.
  • Applies scheduled fixes and security patches consistent with change management practices.
  • Reviews logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution.
  • Assists with coordination of penetration testing to identify system vulnerabilities.
  • Assists with audit or examination preparations and required responses.
  • Provides on-call support for end users for all in-place security solutions.

    • Level II: Information Security Administrator II includes all the duties of Information Security Administrator I and the following:
  • Participates in investigations into anomalous securityactivity.
  • Ability to research, analyze and resolve complex problems with minimal supervision and escalate issues as appropriate.
  • Implements and maintains policies, procedures and associated plans for system and network security administration and user system access. Oversee enforcement of these policies and procedures.
  • Responds to unauthorized access incidents or member information usage that could result in substantial harm or serious inconvenience to amember.
  • Maintains up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Performs the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
  • Performs and/or oversee penetration testing of all systems to identify system vulnerabilities.
  • Assist with documenting responses to external audits, intrusion attempts, risk assessments, cyber-crime, and vulnerability assessments.
  • Performs and documents risk assessments, as well as investigates and remediates independent risk assessments.
  • Maintains, tunes, and analyzes alerts from network security devices including IDS/IPS, NAC, SIEM, Firewalls, and other network devices.
  • Manages security patches, fixes, and overall support of security tools consistent with change management practices.
  • Manages security-related incident response activities and security breach remediation.
  • Maintain operational security and cyber-security operations (e.g., incident response, security infrastructure management and monitoring services).
  • Provides regular security reporting to management.
  • Downloads and tests new security software and/or technologies.
  • Provides security information and reporting to the Information Security Oversight Committee (ISOC).
  • Identifies reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper, or other records containing PI and PHI.
  • May provide technical guidance to junior staff.
  • May provide support for projects that require security expertise.  Typically consults with project teams addressing projects of moderate size and complexity and where the security issues are clearly evident.
  • May contribute to the development of controls and processes improving information security services.
  • May conduct research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.
  • May research and recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
  • Manages connection security for local area networks, the company website, the company intranet, and e-mail communications.
  • Manages and ensure the security of databases and data transferred both internally and externally.
  • May act as an expert providing direction and guidance to process improvements and establishing policies.
  • May diagnose security issues that may involve extensive analysis and recommends resolutions to management.
  • May research opportunities to resolve persistent IT security issues and improve overall IT security architecture.
  • May develop procedures for the execution of security controls, defenses, and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company systems (e.g., email, data, ecommerce and other internal or customer facing systems).
  • May lead information security resources for projects.
  • May manage the analysis and reporting of security activities to management.
  • May deploy and/or manages all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.

    • Education and/or Experience ~ Level I:
  • Experience within the technology and security related fields preferred but may be substituted for education, IT certifications or equivalent work experience.
  • Strong understanding of physical and virtual IT infrastructure, including servers, network devices, desktops, applications, and mobile devices.
  • Working knowledge of IT security tools and applications required to protect corporate networks.
  • Skilled in administering and deploying security patches to network infrastructure and endpoints.
  • Works under the direct supervision of an experienced IT security professional.

    • Level II:
  • Experience in Information Technology, preferably with background in network security.
  • Degree in computer related studies or the equivalent in Information Technology certifications and work experience.
  • Understands the principles of cloud, network, and endpoint security.
  • Knowledge of security controls and technologies, such as SIEM systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), antivirus and firewalls, endpoint detection and response (EDR), threat intelligence platforms, and application controls.
  • Ability to manage vulnerability and penetration testing, reporting, and remediation.
  • Competent to work independently and within a team-oriented collaborative environment.

    • All Levels ~ Preferably possesses one or more industry certifications, such as:
  • CompTIA Security+
  • GIAC (Information Security Fundamentals)
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CCNA Security (Cisco Certified Network Associate Security)
  • SSCP (Systems Security Certified Practitioner)
  • MCSA (Microsoft Certified Systems Administrator) with specialization in Security
  • OSCP (Offensive Security Certified Professional)
  • GSEC (Cyber Security Essentials Certification)

    • Personal Attributes:
  • Highly self-motivated and directed.
  • Ability to absorb new ideas and concepts quickly.
  • Good analytical and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Ability to conduct research on network related issues and implement concepts.
  • Ability to present ideas in a business-friendly and user-friendly language.
  • Very strong customer service orientation.
  • Excellent written, oral, interpersonal, and presentational skills.
  • Experience working in a team-oriented, collaborative environment.

    • Our generous benefit package includes:
  • Salary: $72,500 - $137,500 / Annually (Based on experience and Level)
  • 401(k) match to 5% of earnings – immediate enrollment and 100% vesting
  • Choice of two health plans
  • Dental 
  • Vision
  • Life Insurance – no cost
  • Long-term Disability Insurance – no cost
  • Employee Assistance Program – no cost
  • Paid vacation 
  • Paid sick time
  • 11 Paid holidays
  • Profit Sharing eligible
  • Pet Insurance
  • Identity Theft Protection

    • Listing Details

    • Citizenship: Not Provided
    • Incentives: Not Provided

     

    • Education: Not Provided
    • Travel: Not Provided
    • Telework: Not Provided

    About Us

    NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

    Useful Links

    Our Contacts

    1765 Greensboro Station Pl.
    Suite 900
    Tysons Corner Va 22102

    (703) 594-7765

    requests@ninjajobs.org
    www.ninjajobs.org
    Chat with us!