Security Operations Engineer
Location: Boston , Massachusetts
The IT Security Analyst will help develop and implement a robust, mature Information Security Compliance/Audit program. This role will assist with the planning, execution and gathering of documentation and the reporting of IT audits/security assessments. Will communicate requirements, security standards, control deficiencies and their associated risks to the IT Department. Holds one or more of the following: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), GIAC Certification. Understanding of ITSM and the ITIL framework.
Duties & Responsibilities The Information Security Operations Engineer will have a broad range of responsibilities for securing extensive computer infrastructure, responding to security threats, and Offering consulting and advice on security issues to faculty, staff, and students. He or she will be a key Member in developing and implementing a robust, mature Information Security Program alongside the Information Security Officer. Provide mentoring and technical leadership on key initiatives and operational support activities. The position will require an independently minded individual to apply his/her skills into providing a truly world class environment for constituents.
• Test and assess computer systems (hardware and software) and network equipment for potential threats and vulnerabilities, identify mitigation steps, and collaborate with system administrators and network engineers to implement fixes.
• Recognize and respond to information security incidents, in partnership with IT organizations
• Perform digital forensics as part of the incident response and in response to other community needs. Author and edit incident reports.
• Stay on top of latest developments in information security, industry trends, security risks, and best practices.
• Lead evaluation and deployment of new tools and techniques to better secure network
• Act as an internal consultant on security related matters to staff
• Coordinate and perform security related awareness campaigns and educational exercises
• Closely align and coordinate activities with coworkers Information Security organization • Collaborate with staff, faculty and students on the delivery of solutions that meet their needs while ensuring that security risk is minimized
• Troubleshoot and resolve complex server issues
• Monitor call tracking system; Investigate and resolve trouble tickets
• Assumes additional responsibilities as required. Typical Core Duties • Perform complex procedures necessary to ensure the safety of information and to protect systems from intentional or inadvertent access, modification, disruption or destruction
• Recognize and identify potential areas where existing data security policies and procedures require change, or where new ones need to be developed (firewalls, intrusion detection, vulnerability scanning, host operating systems, and network devices)
• Weigh business needs against security concerns and articulate issues to community stakeholders and management
• Perform or contribute to risk assessments
• Provide community stakeholders and management with risk assessments and security briefings to advise them of critical issues that may affect security objectives
• Evaluate and recommend security products, services and/or procedures to enhance productivity and effectiveness.
• Maintain awareness of changes in local, state, and federal laws as well as industry standards, guidelines, and current business objectives
• Advise unit/school on questions in support of processes; ensure that user community understands and adheres to necessary procedures to maintain security
• Collaborate to continuously improve processes, policies and procedures
• Provide training to clients/staff
• May function as subject matter expert or project lead
• Minimum of five years’ post secondary education and/or relevant work experience
• Familiarity with information security concepts, relevant tools and standards