This job has expired, please see additional jobs below
Senior Administrator, IT Security - Connected Vehicle Services
Entertainment & Media Industry Company
Freeport, TX, United States
Job Details - this job has expired, please see similar jobs below
Position Summary:
The Senior IT Security Administrator will be responsible for the day-to-day security operations of Company Connected Vehicle Services Inc. This position acts as consultant to the business for information security matters. Responsible for reviewing, designing, engineering, and administering security tools throughout the lifecycle, performing security risk assessments, vulnerability scans, and overseeing remediation activities. Also assists with evidence gathering and audit handling for both regulatory, 3rd party audits and security reviews. This position is expected to be versatile in security disciplines and able to meet the needs of the business across most of the Common Body of Knowledge (CBK) security domains. The position is a hands-on information security operations role and will require technical expertise to adequately perform the required job functions. The successful candidate will be considered the subject matter expert in regards to operational security for the line of business.
The position has a matrix reporting relationship to the Enterprise Information Security and Compliance Department.
Duties and Responsibilities:
• Supports system development and maintenance lifecycle by providing guidance on implementation and verifying the secure configuration.
• Develops, implements, maintains, and oversees procedures and associated plans for system security administration and user system access based on industry-standard best practices.
• Actively tracks vulnerability findings and status of remediation, driving toward resolution.
• Validates the continued and proper placement, operation, and tuning of security instrumentation, including vulnerability scanners, intrusion detection sensors, DLP, security log monitoring/correlation tools, file integrity monitoring solutions, and other security relevant controls by monitoring the IT security operations.
• Expedites neutralization of threats that pose immediate danger to the confidentiality, integrity, and availability of information assets.
• Evolves and adapts incident response and handling procedures commensurate with changing threat landscape and business needs.
• Designs and implements applicable security features throughout the configuration and change management process.
• Identifies security requirements and impacts resulting from modifications to the systems, and work with the respective groups to help with remediation.
• Identifies and explains false positives.
• Develops mitigations and articulates compensating controls for near-term and planned implementation.
• Assists in the development of alternative remediation or mitigation strategies to minimize vulnerabilities and risks while minimizing the impact to the system functionality and performance, as well as program cost and schedule.
• Supports PCI/PII and other regulatory related activities and remediation.
• Performs threat and vulnerability assessments, in some cases followed by appropriate remedial action, to ensure that systems are protected from known and potential threats, and are free from known vulnerabilities.
• Responds to and, where appropriate, resolves or escalates reported security incidents.
• Investigates and resolves security violations by providing postmortem analysis to illuminate the issues and possible solutions.
• Engineers, implements, deploys and maintains technologies including but not limited to; Network Intrusion Prevention systems, Web Application Firewalls, and Security Information Event Management (SIEM) systems, implements and verifies the secure builds of systems by leveraging the Center for Internet Security (CIS) Benchmarks as well as manages the organization's managed security services.
• Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.
Supervisory Responsibilities:
• n/a.
Minimum Qualifications:
• Bachelor's degree or equivalent experience.
• 2 years of project and/or supervisory/management experience.
• 7 years related information security or engineering experience.
• Must have current Certified Information Systems Security Professional (CISSP) certification; additional certifications such as GIAC, CEH, LPT, PCI-ISA, etc. are preferred.
• Experience with PCI, ISO 27001/27002, and SOX.
Requirements and General Skills:
• Fundamental understanding of risk-based information security management, as well as knowledge of applicable regulations, standards, and guidelines pertaining to information assurance (FIPS, NIST, ISO Standards).
• PCI DSS implementation experience.
• Ability to work with the development, integration, and infrastructure teams in implementing security controls.
• Ability to articulate vulnerability and risk based on technical security posture.
• Ability to support the development of system level plan of action and milestones.
• Strong troubleshooting and problem solving skills.
• Excellent interpersonal skills and the ability to work within all levels of the organization.
• Solid understanding of networking concepts and project management skills.
• Ability to collaborate effectively.
• Works with other team members, including cross-functional teams, business users, and vendors.
• Mentors new and/or less experienced team members.
• Required to wear a cell phone 24 x 7.
• Occasionally work nights and/or weekend hours for major implementations to minimize impact on organization.
• Must have legal right to work in the U.S.
Technical Skills:
• Experience working on Microsoft-based, complex systems in the security engineering role using the security features of Windows 2003/2008 Server products, Windows 7, IIS, Sharepoint, Exchange and SQL Server products.
• Experience as a security engineer or systems engineer including systems architecture, requirements analysis, integration, and process execution and evaluation.
• Experience with Tenable Security Center, Forcepoint/Websense DLP, Cisco ASA, Sourcefire, Symantec SEP, Nessus, NMAP, Snort, Burp Suite, or similar products.
Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Disabled.
The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.