Cyber Security Specialist

About The Position

Requirements

• High school diploma or equivalent.
• Minimum three years of experience with Microsoft products in the following categories Cloud Security, O365, Azure AD, Azure Identities and governance, Identity and Access Management, Microsoft Azure Sentinel, Azure Information Protect, Cloud App Security, MS Defender, and Endpoint Security.
• At least one Microsoft security solution certification including Microsoft 365 Certified: Security Administrator Associate, Microsoft Certified: Security Operations Analyst Associate, or Microsoft Certified: Information Protection Administrator Associate.
• Highly vigilant and detail-oriented to effectively detect vulnerabilities and risks and quickly identify concerns and implement real-time security solutions to solve and address issues and complications before they expand.
• Proven track record and experience in successfully executing programs that meet the objectives of excellence in a dynamic and highly matrixed business environment.
• Strong analytical and problem-solving skills with a proven ability to make decisions and lead through high-pressure, high-stress situations.
• Strong track record of sound judgement and professionally handling highly confidential and sensitive matters.
• Knowledge of the latest trends and awareness of current hacking techniques and cybercrime with a desire to learn and self-educate to stay current on best practices and emerging industry trends.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to speak clearly and concisely on cybersecurity strategy and policy, as well as to be able to convey technical information to individuals of different levels of technical comprehension, ranging from senior management to technical experts.

Nice To Haves

• Bachelor’s degree in management information systems, cybersecurity, computer programming or related field strongly preferred.
• Experience with vulnerability scanning, reporting and management (Tenable), Enterprise password vaults, PKI, Application control, Network micro-segmentation.
• Experience working with CISCO Firepower 2120 Threat Defense, CISCO Firepower Management Center for VMware, CISCO ISE, ISCO Stealth Watch, CISCO Umbrella, CISCO AnyConnect Endpoint, and CISCO AMP Endpoint.
• Professional security certifications are desirable, such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Cloud Security Professional (CCSP), or other similar security related certifications.
• Strong knowledge of web, mobile, and/or desktop application security vulnerabilities and countermeasures, including the OWASP Top 10.
• Knowledge of common information security and service management frameworks, such as ISO/IEC 27001, ITIL/ITSM, COBIT/ISACA, Cloud Security Alliance as well as those from NIST, including 800-53 and Cybersecurity Control Framework will be a real advantage.
• Knowledge and understanding of the relevant legal and regulatory requirements for the Financial and Banking Industry relevant to FFIEC, PCI-DSS, SOC ½ and SOX is desirable.
• Experience with ITIL processes.

Responsibilities

• Administer security posture, identify and remediate vulnerabilities, perform threat modeling, implement threat protection, and respond to security incident escalations.
• Threat management, monitoring, and response by using a variety of security solutions across the environment.
• Investigate, respond, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products.
• Implement and manage secure, trusted systems to ensure appropriate confidentiality, integrity, availability, safety, privacy and recovery of digital assets owned, controlled and/or processed by the organization including custom or third-party solutions evaluation, selection, and implementation.
• Implement, manage and support secure network solutions to protect against advanced persistent threats.
• Implement, manage, monitor and upgrade security measures to protect QCRH data, systems and networks.
• Administer security technology and audit/intrusion systems that consist of Microsoft, Cisco and other security solutions related to Cloud Security, System Security, Application Security, Data Security, VPNs, IDS/IPS, Web-Proxy, Security Audits and more.
• Participate in the change management process to forecast the effects of change through potential scenarios and the security consequences on information resource changes.
• Test and identify network and system vulnerabilities to determine potential vulnerabilities that could be leveraged by a threat source and address identified issues accordingly.
• Identify and respond to threats including the characterization and attribution of threats, creation and sharing of situational awareness, and the development of mitigation strategies, including handling any system breaches.
• Understand and interact with key stakeholders to ensure the consistent application of policies and standards across all technology projects, systems and services – including privacy, risk, audit and compliance and business continuity management.
• Provide clear risk mitigating directives for projects with digital technology components including the application of controls.
• Manage and maintain a framework for roles and responsibilities regarding information and master data ownership, classification, accountability and protection of digital assets.
• Build external networks consisting of industry and peers, partners, vendors and other relevant parties to stay up to date on best practices to address common trends, findings, incidents, and cybersecurity risks.
• Partner with the architecture team to develop security architecture standards and to ensure alignment between security and the enterprise architecture framework.
• Monitor security advisory groups and ensure necessary security updates, patches and preventive measures are in place.
• Comply with all company or regulatory policies, procedures and requirements applicable to this position.
• Foster and preserve a culture of inclusion.
• Additional duties and responsibilities may be required to support the company’s mission, vision and values.

Benefits

• Fostering and preserving a culture of inclusion
• Equal opportunity employer