- Purpose of Job
- The Senior Information Security Specialist functions as a senior member of the Information Security SOC and Incident Response Team, performing ongoing monitoring of the environment and responding to events identified through IT tickets, security information and event management (SIEM) events, and/or other security technology consoles, in addition to assisting other IT groups with information security related inquiries, tasks and support.
- Provides subject matter expertise on Security Architecture.
- Acts as subject matter expert in one or more information security technologies or processes and actively mentors junior staff on those technologies and processes.
- Job Requirements
- High School Diploma or General Educational Development (G.E.D.) required
- Bachelor's Degree in Computer Science, Business Information Systems, Information Technology, Information Security, or a related field preferred.
- Minimum 5 years information security experience in a combination of information security, risk management and IT roles required.
- Minimum 1-2 years' experience in areas such as Security Operations Center, Network Operations Center, System Administrator, Platform/Tool Support Engineer, or IT Helpdesk support required.
- Demonstrated experience in Active Directory, distributing Group Policy and building Organizational Units to manage network security.
- Strong technical background in enterprise-wide security architecture and/or security procedures desirable.
- Experience with EDR (Endpoint Detection and Response) and Email Gateway Platforms preferred.
- Certification as a Certified Information Systems Security Professional (CISSP) or comparable designation is required within 6 months of hire.
- Industry certification from vendors: GIAC, EC-Council, Cisco, Juniper, CompTIA, ITIL, Unix, Microsoft, Oracle, etc. preferred.
- Knowledgeable in the use and administration of security information and event management (SIEM) platforms.
- Knowledge of SIEM administration and customization such as report and alert creation.
- Knowledgeable in information security incident handling.
- Ability to provide training for the Information Security SOC and Incident Response team and for non-Information Security personnel with authorized access to the SIEM.
- Superior analytical abilities; both technical and functional.
- Ability to deal with complex functional specifications and determine how to best implement them technically.
- Strong verbal and written communications skills and the ability to work with a wide variety of individuals.
- Ability to work effectively in a collegial, consensus-driven organizational environment.
- Ability to condense and interpret complex issues.
- Knowledge of information security architecture requirements.
- Acts as an advisor to staff on information security architecture requirements and set up.
- Ability to troubleshoot computers, peripherals, and other hardware.
- Ability to provide technical support to end users covering all software and hardware related issues.
- Physical Requirements
- Weight Demands
- Light Work - Exerting up to 20 pounds of force.
- Not necessary for the position (0%):
- Occasionally Performed (1%-33%):
- Distinguish colors
- Frequently Performed (34%-66%):
- Repetitive Motions
- Constantly Performed (67%-100%):
- Not Related:
- Chemical agents (Toxic, Corrosive, Flammable, Latex)
- Biological agents (primarily airborne and bloodborne viruses) (Jobs with Patient contact) (BBF)
- Physical hazards (noise, temperature, lighting, wet floors, outdoors, sharps) (more than ordinary office environment)
- Explosives (pressurized gas)
- Electrical Shock/Static
- Radiation Alpha, Beta and Gamma (particles such as X-ray, CAT scan, Gamma Knife, etc.)
- Radiation Non-Ionizing (Ultraviolet, visible light, infrared and microwaves that cause injuries to tissue by thermal or photochemical means)
- Mechanical moving parts/vibrations
- Essential Job Functions
- Essential Functions I
Ensure the up-time, health, and efficiency of the production security technologies.
- Performs vulnerability network scanning, analyzes results, and assigns remediation to the appropriate resource(s).
- Manages and monitors intrusion detection systems, creates incidents for anomalous activity, performs independent analysis of incidents, reviews performance metrics; produces periodic management reports.
- Performs daily tasks including contributing to investigation of high-priority alerts, determining the source of threats and determining the extent to which an asset has been compromised through 'eyes on glass' real-time monitoring and analysis of security events from multiple sources including but not limited to events from SIEM tools, network and host based IDS, firewall logs, system logs (Unix and Windows), mainframes, midrange, applications and databases.
- Performs system and network analysis of intrusions to the network infrastructure, applications, operating systems, firewalls, proxy devices, malware detection and data encryption and other security measures.
- Assists with maintaining and improving internal tools for network and server security monitoring and maintenance.
Identifies methods, solutions, and provides project assistance in order to provide a high level of security.
- Performs in-depth network security analysis including preliminary incident response, event analysis, threat intelligence and log reviews.
- Investigates and troubleshoots system and user issues related to information security technologies.
- Shares on-call responsibilities, night and weekend project and support work as required.
- Performs tuning of SIEM platform including event reduction, threshold tuning, and alert triggers.
- Reviews raw log files and performs data correlation and analysis (e.g. firewall, network flow, intrusion detection systems, system logs).
- Capable of working as a lead resource on development, implementation, and execution of standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM platform and other technologies maintained by the information security team.
Monitor security technology performance in order to determine whether adjustments need to be made, and to determine where changes will need to be made in the future.
- Pulls metrics, information, and other required data necessary to prepare operational and governance reports that will be presented to business stakeholders, the Information Security & Risk Steering Committee (ISRC) and appropriate business representatives. Recommends additional metrics that should be monitored and assists with piloting of recommendations.
- Performs vulnerability scanning, completion of incident tickets, and support of IT groups' information security requests.
- Position reports directly to the Information Security Manager.
Assist in build-out of new information security infrastructure for new locations.
Install, upgrade, and patch OS application software for Information Security technologies.
- Assists with information technology patching.
- Assists with assessments, audits and system reviews as necessary.
Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking state-of-the-art practices; participating in professional societies.
Practices and promotes teamwork at all times.
Maintains the ability to travel to all locations, including overnight travel, as needed for meetings, projects, seminars, etc.
Essential Functions II
Participates in mandatory in-services and/or CE programs as mandated by policies and procedures/external agencies and as directed by management.
Follows and understands the mission, vision, core values, Employee Standards of Behavior and company policies/procedures.
Other duties as assigned.
Methodist Health System