Information Security Consultant

About The Position

Requirements

• Bachelor’s Degree
• 6+ years experience in an intermediate-level Information Security role with proven expertise in multiple aspects of security and IT operations, including securing cloud or hybrid environments
• In lieu of the degree, additional work experience and/or trade school or applicable certifications would be acceptable
• Certification in at least one of the following: CISSP, SANS GIAC, CEH, or vendor specific certifications related to security disciplines such as cloud (ie: AWS, Azure, or OCI security certifications)
• Advanced knowledge of: Information Security concepts, principles, and practices
• Cloud security across multiple disciplines including IAM, Workload Security, and Cloud Security Posture overall
• Security aspects for multiple operating systems, networking technologies, encryption technologies, and applications
• Network security technologies, such as Firewalls, VPN, IDS/IPS, etc.
• Identity and Access Management, including Role Design, Campaign Design, Source System Integration, and cloud IAM services
• Continuous monitoring principles, including threat management, SIEM, File and Database Activity Monitoring, and Incident Response in both on-prem and cloud environments
• Multiple security domains inclusive of security management, access control systems and methodology, network security, cryptography, operations security, application and system development security, threat management, and incident response
• Security control frameworks, standards, governance, and security best practices as applied to cloud and hybrid architectures
• Intermediate knowledge of: Secure Coding principles
• Scripting experience and programming language, such as PERL, Java, .NET, or scripting used for cloud automation (e.g., Python, PowerShell)
• Proven ability to: Work independently with guidance in only the most complex situations
• Be agile in learning, seek to excel, be curious and adaptable
• Act as lead in managing security related projects and investigations including cloud security initiatives
• Maintain a high level of professionalism and confidentiality
• Work well under pressure
• Solve complex problems, analyze information, identify and assess risks, and make tactical and strategic recommendations
• Excellent organizational, planning, written and verbal communication skills
• Strong client-facing skills with ability to handle and lead conversations with large technically diverse teams
• Organized, responsive, and highly thorough problem solver
• Experience driving measurable improvement in security operations and risk reduction within the organization including cloud risk reduction
• Excellent time management skills to aid in meeting specific goals and plans to prioritize, organize, and accomplish
• Ability to be on-call and work outside of regular business hours as needed
• An additional requirement for this role is the successful passing of a credit check review for the selected candidate

Nice To Haves

• Additional advanced information security related certifications from SANS GIAC (Global Information Assurance Certification); ISACA, ISC2, etc.
• Hands-on experience securing cloud environments such as OCI, Azure, and/or AWS, including logging, monitoring, IAM, workload security, cloud security posture and cloud network security

Responsibilities

• Partner with various IT teams to create and maintain applicable security standards primarily for cloud environments such as Azure, AWS, and OCI; and participate in other security disciplines such as IAM, vulnerability management, and IT systems (Networks, Windows, Linux, Database, Endpoint) Security
• Maintain and implement incident handling plans as they relate to cloud incident response; participate in incident response activities and plan, coordinate, and perform security testing exercises such as pen testing and tabletop exercises, including cloud-based scenarios
• Develop strategies to improve efficiencies using automation and orchestration solutions (ie: infrastructure-as-code and cloud security automation) to reduce manual work that can be done programmatically
• Lead the creation and maintenance of documentation related to NCCI’s security framework, program, and standards where applicable to role, including cloud security architecture and control mappings

Benefits

• Competitive starting base pay plus a targeted annual performance bonus
• For local candidates: a phenomenal work environment, with perks including an onsite café, coffee shop, game room, fitness center, and employee activities and sports leagues to participate in
• Wonderful team of dynamic people to work with who are fun, caring, and friendly
• Positive work environment and culture that celebrates success and honors each other’s contributions to the team
• Fantastic benefits package and total rewards offerings