Job Details

Email to Friend Save Back

Lead Cyber Security Specialist

OWINGS MILLS-21117, MD, US
04/21/2020

-

Required Skills

XML, Microsoft Windows

Company

Infinity Consulting Solutions, Inc

Experience

2 to 4 Year(s)

Job Description

Lead Cyber Security Specialist

Owings Mills, MD, United States

Responsibilities:

· Execute security governance and compliance leadership through the design and implementation of security policies, procedures, guidelines and standards to maintain the confidentiality, integrity and availability of information systems and data.

· Represent Information Security from an Information Security Risk Management perspective.

· Design and implement security solutions to monitor the efficiency and effectiveness of security operations, controls and infrastructure for on-premise and cloud (Azure and AWS) implementations.

· Design, implement, and integrate security solutions to address enterprise risks and exposures.

· Develop and maintain Information Security Metrics supported by KPIs and KRIs.

· Provide support and guidance to a team of technically diverse personnel of senior level security specialists and junior level security specialists.

· Provide appropriate training to other security specialists and external customers on developed policies standards, procedures and guidelines.

· Implement necessary enhancements/updates/upgrades to existing security products.

· Assist in the configuration and installation of security products. Where possible, suggesting and implementing solutions to automate manual operational activities.

· Test and report on new technologies to address security concerns through the creation of security vulnerability assessments.

· Review and approve ACL / firewall change requests. Perform periodic compliance reviews of firewall configurations.

· Serve as lead technical information security coordinator/project lead and as a contributor to cross functional teams for deployment and support of security specific infrastructure in order to provide information security to the enterprise.

Required:

· College Degree in an Information Security or Technology related field or equivalent experience plus 7+ years related work experience.

· Expertise in information security concepts, information security policies and system architecture concepts and have experience in process definition, workflow design, and process mapping.

· In depth understanding in multiple areas of Information Security such as networking (TCP/IP, OSI model, network protocols), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, switches, routers, IPSEC, IDS/IPS, etc.), voice technologies (session border controllers, MPLS, VOIP, etc.), authentication technologies, (TACACS, RADIUS, etc.), wireless architectures, encryption key management, and mobile device technologies.

· Also, must have knowledge of vulnerability assessments, privacy assessments, incident response, security policy creation, enterprise security strategies, and governance.

Abilities/Skills (candidate should posses most of these):

· Ability to identify and resolve complex issues and develop security solutions to meet business and technology goals.

· Strong written documentation skills and technical writing are required.

· Excellent presentation and verbal communication skills.

· Ability to effectively complete tasks with a minimal level of supervision.

· Strong computer skills, including knowledge of Microsoft Windows, various e-mail systems (Lotus Notes, Microsoft Exchange) and unified communication systems (Office Communication Server).

· Possess broad understanding of the following systems/skill sets:

o IBM Tivoli administration and configuration

o System hardening concepts and techniques

o Checkpoint technologies

o Network and remote access controls

o LDAP, Unix, Active Directory, Java, EJB, JSP, JDBC, JMS, Kerboros, PKI, XML, WSDL, Web Services, Ant, and Spring Framework

o Unix, Linux, Web application servers (WebSphere, Apache)

o Virtualization technologies (VMware, VLANS, Hypervisors)

o Encryption technologies and key management

o Web application servers

o F5 LTM / ASMs

o Web application and IP firewalls

· Familiarity with access control methodologies (MAC, DAC. RBAC)

Preferred:

· Professional certification such as CISSP, CRISC, CISA, or CISM (lead level only)

· Significant understanding of NIST Risk Management Framework and Information Security Risk Management methodologies.

· Experience with Information Security Governance, Risk, and Compliance (eGRC) Programs and Platforms.

· Proven ability to translate technical requirements to the business

· Ability to understand, develop, and socialize security policies, standards, and procedures.

· Proficiency with security controls for cloud environments (Azure and AWS).

· Proficiency with control implementation and monitoring in addition to information security metrics and reporting

· Familiarity with security tools such as wireless and network scanning applications, vulnerability assessment applications and concepts, IDS/IPD, Data Loss Prevention, and other appropriate security related tools and capabilities.

· Experience working with Information Security tools in a large, complex, multi-platform environment.

· Familiarity with HIPAA Security Rule and compliance requirements.

· Experience developing and maintaining System Security Plans (SSPs)