Senior Information Security Analyst (2-Year Term)

National Education Association

27d

About The Position

This 2-year Term position supports the NEA’s strategic objective to focus the energy and resources of its 3 million members toward the promotion of public education by providing high level safety of Information Technology assets and to protect systems from intentional or inadvertent access, harm, or destruction. Position Summary: Individual will demonstrates ownership, accountability, and a security-first mindset while responding quickly to security incidents and escalations. Responsibilities include assisting in the development and implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environment. Responsibilities will also include scans and analysis of scan reports related to PCI compliance and completing necessary PCI related documentation for submission to bank(s) to assert compliance with PCI standards. The incumbent updates, maintains, and documents security controls and works collaboratively with other teams to ensure that new and existing infrastructure, software, hardware, architecture, and applications are developed and deployed in a secure manner. The incumbent will assis in the development and management of security for one or more IT functional areas; implementing and maintaining security technology solutions which may include encryption, firewalls, identity management solutions and associated authentication (AuthN), authorization (AuthZ) , intrusion detection, and gateway security controls and other associated security related technology. Other duties include: analyzing and preparing status reports on security matters; monitoring and recommending solutions for correcting issues related to security technology performance and capabilities, security breech response, etc. To carry out responsibilities, the incumbent uses a personal computer, associated software, and other office technology.

Requirements

Bachelor degree in Computer Science, or Information Security (or related discipline) or an equivalent combination of education and experience from which comparable knowledge and skills may be acquired.
Five or more years experience working directly with Identity Management Platforms such as OKTA, PING, CyberArk, Microsoft Entra - including knowledge of SAML2, Oauth, and other open standard protocols used for modern authentication and authorization
Five or more years experience in the security aspects relating to multiple platforms, operating systems, software, communications and network protocols.
Five or more years experience with networking and security technologies such as IPSEC (Internet Security Protocol), VPN (Virtual Private Network), routers, switches, firewalls, intrusion detection and prevention, data leakage, WAF (Web Application Firewall).
Experience with some aspects of information security and compliance, such as PCI, SOX, and HIPAA requirements for information systems and industry best practices such as ISO17799/27011, NIST (National Institute of Standards and Technology).
Some travel required (15-20 overnights per year).

Nice To Haves

Familiarity with business objectives and strategies.
Ability to analyze information using logic to address work-related issues and problems.

Responsibilities

Assisting in the development and implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environment.
Scans and analysis of scan reports related to PCI compliance and completing necessary PCI related documentation for submission to bank(s) to assert compliance with PCI standards.
Updates, maintains, and documents security controls and works collaboratively with other teams to ensure that new and existing infrastructure, software, hardware, architecture, and applications are developed and deployed in a secure manner.
Assisting in the development and management of security for one or more IT functional areas; implementing and maintaining security technology solutions which may include encryption, firewalls, identity management solutions and associated authentication (AuthN), authorization (AuthZ) , intrusion detection, and gateway security controls and other associated security related technology.
Analyzing and preparing status reports on security matters.
Monitoring and recommending solutions for correcting issues related to security technology performance and capabilities, security breech response, etc.