Employer: NASCO
Location:US-GA-Atlanta
Job ID 2016-2861
Travel Requirements 0-20%
Overview:
Under general direction, the Security Operations Manager will report to the Director of Corporate Information Security and will be responsible for analyzing, monitoring, tracking and reporting behavior/tasks logged by assets (i.e., applications, systems, networks) in the form of incidents to ensure NASCO is protected from any potential leaks or malicious activities. He/she will perform routine analysis of correlated event logs to help distinguish normal from malicious activity in the network/domain. He/she is responsible for proactively monitoring the cyber security and information technology infrastructure, including hardware, software, networks, applications and services. This position will communicate with Information Technology, Application Development, Managed Security Services and other appropriate areas, as deemed necessary. Additionally, this resource will provide technical leadership, guidance, and daily direction for Security Operations Analysts.
Responsibilities:
Essential Roles and Responsibilities:
Assists Security Operations Analysts who perform vulnerability scanning of network devices, applications and databases in order to determine whether these assets have any vulnerabilities to potential internal or external threats. 5%
Leads activities to tune and optimize all security tooling (IDS, Vulnerability Management, DLP). 5%
Leads, analyzes, and assesses security incidents that affect NASCO assets and escalates incidents by following the incident response plan. 15%
Leads, analyzes, and approves firewall change requests for both Corporate and Lexington environments. 5%
Creates, develops, and maintains standard practices and procedures to respond appropriately to internal and external threats. 10%
Assesses potential risks and vulnerabilities in the network by establishing a baseline for the networks and recognizing any deviations from it, in order to provide actionable recommendations in the event of malicious activity. 10%
Performs risk and security assessments of applications, databases, servers and supporting networking technologies, such as routers, switches and access points, in order to determine whether these assets have any vulnerabilities to potential internal or external threats. 10%
Works with IBM and the internal Infrastructure team to solve information security system problems and issues in a timely and accurate manner to prevent malware from entering the environment. 5%
Follows Information Security process, policies and procedures congruent with standards and industry best practices. 5%
Leads and provides oversight for Security Operations Analysts in monitoring activities and events in NASCO’s Technology environment to ensure that anomalous behavior is detected, identified, classified and acted upon where appropriate. 5%
Assists Security Operations Analysts in performing application scanning to ensure that code releases are secure. 2%
Leads initiatives to perform penetration testing on network and applications using ethical hacking techniques in order to determine network and application vulnerability. 5%
Develops and executes corrective action plans and remediation plans when issues are identified in order to mitigate the risk of exploitation. 5%
Performs reviews and assessments of security controls before hardware/software is migrated to production and performs application scanning to ensure that code releases are secure. 5%
Prioritizes and assigns the day-to-day work of the team. 5%
Participates and provides input for any performance management activities. 5%
Conducts administrative approvals for the team in systems such as Planview, Employee Self Service, and Adaptive Planning. 3%
Performs other duties as assigned.
Qualifications:
Required Knowledge, Skills, Abilities and Experience:
Minimum of 3 years' experience in a security operations center and/or system administration role
Minimum of 7 years' experience as a System Administrator (Unix/Windows) and Network Administrator
Experience analyzing IIS, SQL, firewall, IPS/IDS, Windows, SEP, web, and mail filtering logged events. Hands-on experience managing an array of security tools (e.g. web content filtering, anti-malware, firewalls, intrusion prevention, etc.)
Ability to read system data, including, but not limited to, security and network event logs, web, anti-virus, DLP, syslogs, IPS, and firewall logs.
Expert knowledge of Unix (AIX and Linux) platforms
Expert knowledge of Cisco-based firewalls and intrusion detection systems
Strong knowledge of Mainframe technologies
Strong knowledge of access security models (e.g. ACF2, RACF, Windows, Unix, etc.).
Knowledge of Windows 200X server platforms.
Knowledge of VMware and VM server platforms
Knowledgeable about security issues, vulnerabilities, regulatory and legal changes, and security standards that may impact information security
Solid working knowledge and understanding of multiple operating systems and commands, as well as an understanding of IT security and network best practices and software/hardware solutions
Knowledge of business, application, information and enterprise architecture responsibilities, principles and standards.
Knowledge of Packet analysis tools (tcpdump, Wireshark, ngrep, etc.)
Knowledge of database structures and queries.
Maintains a broad knowledge of current and emerging network security threats
Strong time/project management skills with the ability to operate under deadlines and manage fluctuating workloads
Ability to communicate security objectives orally and in writing to a variety of audiences.
Ability to write security requirements and design documents
Ability to analyze complex problems and recommend/negotiate solutions
Experience troubleshooting common network devices, network vulnerabilities and network attack patterns
Experience leading and coaching a team of less-experienced security resources.
Required Training and Education:
Bachelor's degree in Computer Science, Information Systems, Network Security Engineering or a related major, or equivalent work experience.
Desired Training and Education:
Current SANS certification holder (technical tracks) strongly preferred
CISSP desired; CCNA and MCSE certifications are preferred
NASCO is a Minority/Female/Disability/Vet/Affirmative Action Employer.
Department Specific Details:
Working directly with 4 Security Operations Analysts, provide technical leadership and oversight of the day-to-day activities, including monitoring, analyzing, tracking and reporting via tools such as DLP, Vulnerability Management, IDS/IPS, and Threat Management. Work directly with internal and external network professionals to perform firewall cleanup and standardization, and monitor to ensure firewalls are effectively managed. Lead Security Incident Response team activities during incident investigations and provide technical input and support in analyzing data and performing forensic analysis. Perform security review of all changes and provide approval. Work directly with the Director, Security Operations on projects (e.g. SIEM selection and implementation) identified on the 2016 Security Roadmap. Participate in the evolution of the Security Roadmap and capability maturation on an ongoing basis.