Security and Compliance Specialist, Senior 3

12 Jul 2024

Vacancy expired!

Position: SECURITY AND COMPLIANCE SPECIALIST, SENIOR 3 Duration: 1 year Location: Montgomery, AL Definition This is fully functional complex through highly complex professional security and compliance work in the regulation of access to systems to prevent unauthorized access, modification, destruction, or disclosure of agency information. Employees work independently to monitor data security and implement controls. Work involves supporting security operations (i.e. intrusion detection/prevention, web filtering, vulnerability scans) to continually monitor technology resources and participates in analyzing the environment for security threats/vulnerabilities and unauthorized access. Employees are proficient in more than one recognized information security domain. Work is supervised by a higher-level Security and Compliance Coordinator, Supervisor, or Manager. Examples of Work

  • Responds to complex security requests, problem reports, questions, and incident reports; recommends or takes corrective action and follows-up on corrective actions to ensure that threats and vulnerabilities are addressed.
  • Performs forensic examinations to ensure proper containment and preservation of evidence, tracking of forensic events, maintenance of the chain of custody, and other related tasks.
  • Plans and performs audits and assessments of processes, employee practices, network operations and components, servers, telecommunications, applications, and other technology resources to evaluate policy and regulatory compliance, threats, and vulnerabilities, and weak or missing controls.
  • Guides risk assessment exercises to identify, evaluate, and address processes and operations posing security threats or significant vulnerabilities; prepares and presents audit and assessment findings, as well as recommendations of options to mitigate risks, achieve policy and regulatory compliance, and strengthen controls.
  • Reviews logging information for assigned systems and devices to identify abnormal or irregular use.
  • Develops and updates business continuity and disaster recovery protocols.
  • Provides technical assistance to lower-level Security and Compliance Specialists.
  • Supports technology tools typically used in audits, assessments, monitoring, analysis, and reporting.
  • Develops customized information security training and awareness presentations; responds to questions and resolves problems related to training; monitors employee compliance with information security training policies.
  • Recommends security products, services, and/or procedures to enhance security and deliver operational efficiencies.
  • Performs related work as assigned.
Compensable Factors
  • Graduation from an accredited four-year college or university with a bachelor's degree in computer science, mathematics, engineering, or a closely related field.
  • Considerable experience in information technology security and compliance analysis work in more than one recognized information security domain.
IS & GRC Role
  • Maintain availability of application during "hours of operation" window.
  • Maintain communications with all tools vendors to receive patches immediately upon release.
  • Analyze results of health checks and respond appropriately to ensure security and availability.
  • Ensure endpoints, servers, sensors are configured according to approved baseline/config standard, continuously logging, and have latest security policy and/or subscription update.
IS & GRC Key Attributes
  • Prior experience performing systems administration, security hardening, troubleshooting, integration and tuning for security apps, network devices, appliances.
  • Must have the ability to work closely with Security Operations and Engineering to ensure security tools are kept current and that tool performance matches expectations.
  • Prior experience working with Network, Systems and Cloud engineers to build and maintain shared tools.
Meeting notes
  • Positin makes sure tools function properly
  • Hands on config tools and integrate them
  • Tools on the project include:
  • Splunk (MSSP is configuring it)
  • Endpoint
  • Fortinet
  • Fortigate
  • Pulse Secure
  • Web Sense
  • Tensible SC
  • Firewall
  • Sim filtering
  • Proof Point
  • Secure Plus
  • Cisco umbrella
  • Cisco amp
  • CASB Cloud Access

  • ID: #44015759
  • State: Alabama Montgomery 36105 Montgomery USA
  • City: Montgomery
  • Salary: USD TBD TBD
  • Job type: Contract
  • Showed: 2022-07-12
  • Deadline: 2022-09-06
  • Category: Et cetera