About The Position

The overall purpose of this position is to protect the security and integrity of IEEE data through the implementation and maintenance of information security practices, measures, and technologies consistent with industry best practices. This position will act as a subject matter expert who will diligently assist with the maintenance and improvement of information and systems to ensure appropriate safeguards are in place. The incumbent must possess a thorough understanding and knowledge of security controls, strategies and methodologies as well as knowledge of some of the following technologies: firewalls, identity and access management, advanced authentication, single sign-on, security audits, security diagnostics and encryption. The role reports to the Manager, Information Security and manages 0 direct reports.

Requirements

  • Bachelor’s Degree in computer related field such as Computer Science, Mathematics or Engineering. In lieu of a degree, equivalent experience will be considered.
  • At least 4 years direct experience involving security, network architectures and Internet communications protocols (TCP/IP), monitoring and intrusion prevention strategies (e.g. Firewalls, Security Event Correlation, Malware Detection, IDS/IPS), Identity & Access Management technologies and concepts (Enterprise Directory Services, Virtual Directory, Enterprise Single Sign-On / Web Access Controls and Authorization models) in a large, distributed, high performance, business critical networked environment.
  • Knowledge of or familiarity with security technologies and concepts, including but not limited to, encryption, Public Key Infrastructure (PKI), two factor authentication, network security (firewall, intrusion detection / protection, and network anomaly detection), host based security (Anti-malware, firewall, intrusion detection / protection, patch management and file integrity), web application security (web application firewall, secure application development, authentication, session management, access control, single sign-on and error handling), database security (authentication, access control, auditing and integrity), secure remote access (VPN, terminal and console), security data analysis (security event monitoring, correlation, analysis and response).
  • Knowledge of or familiarity with conducting and mitigating security/risk assessments
  • Knowledge of Authentication & Authorization technologies (LDAP, RADIUS, Two-factor authentication, SAML, OpenToken, OAuth, etc.)
  • Knowledge and experience installing and administering Enterprise Directory Services technologies, such as; Oracle Unified Directory, Oracle Virtual Directory, OpenLDAP, and Microsoft Active Directory.
  • Knowledge of or familiarity with installing and administering Enterprise Single Sign-On (ESSO) and Access Management (AM) technologies, such as Computer Associates SiteMinder, Oracle Access Manager, IBM Tivoli, PingFederate, PingAccess and OpenSSO / OpenAM.
  • Knowledge of and experience with Windows Active Directory.
  • Knowledge of Self Service Account Management technologies, concepts and best practices, such as; Identity validation, user provisioning, self-service password recovery and automation workflows (i.e. Self Service Access requests).
  • Good understanding of a programming language (e.g. Java, C, Perl), HTML/XML and Unix “shells” scripting (e.g. CSH, KSH, SH).
  • Excellent communication skills (written and verbal) and able to articulate key messages to a range of audiences.
      o Can effectively discuss security challenges with developers and testers
      o Experience of at least one code security review tool
  • Ability to work alone and build relationships across the organization.
  • Anticipates problems and identifies long-term implications of decisions and actions.
  • Familiarity with server operating systems, such as; Windows, Linux & Solaris
  • Familiarity with web application security concepts, such as; secure application development, secure session management, cryptography, input validation, logging and error handling a plus.
  • Familiarity with load balancer technologies and ESSO integration capabilities is a plus.
  • Familiarity with Authentication and Authorization concepts, such as Identity Federation, Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), RADIUS / TACACS a plus.

Nice To Haves

  • Relevant professional qualifications / certifications (CISSP, CEH, CISM, CISA, CSSLP, SANS, CHECK, CREST) a plus.

Responsibilities

  • Proactively identifies and remediates vulnerabilities using industry best practices and maintains a strong awareness and understanding of the current threat landscape.
  • Performs internal and external security audits to ensure compliance with agreed security practices, policy and procedures to adhere with legal and regulatory requirements.
  • Identifies security policy violations and leads in the corrective actions to maintain data and infrastructure security.
  • Provides guidance and technical expertise to other technical employees and project teams and enforces established security policies.
  • Assists project teams with the application and implementation of IEEE security policies, standards, processes and agreed architectures.
  • Makes recommendations for enhancing security services, participates and, at times, leads the evaluation of commercial information security products and services to determine which of these should be adopted by or tested by the organization.
  • Assists with the installation, maintenance and support of information security tools and services including, but not limited to, identity and access management systems including single sign on (SSO).
  • Participates in development and update of security policies, procedures, standards, guidelines, and architectures.
  • Assists with the execution of vulnerability and penetration tests of IEEE network and systems including the remediation of findings.
  • Assists with the investigation of security incidents, recommends and implements solutions to remediate or mitigate them.
  • Assists in the formulation and enforcement of security policies and procedures.