Information Assurance Security Administrator

About The Position

Requirements

• Experience working with CIS CSC 18 computer security programs.
• Familiar with Payment Card Industry (PCI) standards and assessment process.
• Experience with network and host-based intrusion detection and prevention.
• Understanding and familiarity with computer forensic analysis tools and methodologies.
• Proficient in Firewall, UNIX, Microsoft Systems, and Application security and auditing.
• Experience with writing computer security policy documentation.
• Strong verbal and written communication skills.
• Associate's degree in related field, or relevant professional experience.
• Security+ or equivalent entry-level certification.
• 1+ years experience in a related field.
• Normal day-to-day business operations including using a keyboard, walking, bending and reaching.

Nice To Haves

• Proficiency in Python.
• Familiarity with penetration testing techniques and tools.
• Familiarity with Agile values and principles.
• Familiarity with the Scrum pillars as well as Scrum values and principles.
• Experience with auditing and gathering evidence in support of audit findings.
• Experience writing reports of findings related to audits and tests.
• CASP and/or SANS GIAC certification is strongly desired. If the candidate does not possess the CASP certification upon being hired, the candidate will be required to obtain the certification within one calendar year of being hired.
• Previous experience in either a publicly traded company, or government entity.
• Experience with vulnerability scanning.
• Exposure to software security testing.
• Understanding of application and system logging and analysis.

Responsibilities

• Collaborate with the Information Assurance team to produce documentation that demonstrate and/or supports the information assurance product goal using existing internal documentation, industry standards, state and federal government legislation (e.g. CIS CSC 18, NIST CSF, PCI, CCPA, etc.).
• Collaborate with the Information Assurance team to develop and maintain IT Security Systems and Infrastructure Security.
• Collaborate with the Information Assurance team to develop and maintain the enterprise-wide threat model.
• Review and maintain internal security policies and procedures.
• Collaborate with the Information Assurance team to update and maintain organizational PCI compliance documentation.
• Perform, assist with, and document investigations of internal policy infractions.
• Collaborate with the Information Assurance team to identify and document cyber-security risks and develop cyber-security risk mitigation plans.
• Implement and maintain IT Security Architecture documentation.
• Collaborate with the Information Assurance team to develop methodology to track interdependencies of critical assets with entities outside the primary organization.
• Research, develop, document, and implement tracking and inventory methodologies for maintaining inventory of critical assets (hardware and software).
• Assist with internal and external assessments of 24 Hour Fitness's IT Security posture.
• Perform internal auditing procedures of organizational level IT controls and policy compliance.
• Design, implement, document, and evaluate computer security programs.
• Participate as a member of the Computer Security Incident Response Team (CSIRT).
• Proactively search for and identify cyber-security threats to the 24 Hour Fitness enterprise.
• Produce end user documentation and security awareness training materials.
• Provide in-person security awareness training.
• Other duties as assigned by manager.