DUTIES:
Security and Access
- Working alongside the Director of IT Infrastructure, establish and maintain a security plan for best standards and practices within the company. Communicate updates to security procedures, software, risks, and events to management and staff.
- Maintain awareness of publicized cyber-attack issues and guide the department on necessary investigative steps and mitigating actions. Keep current on major information technology security trends and available tools.
- Install, maintain, and troubleshoot security-based applications. Monitor appropriately for potential unauthorized access, oversee the response team, and create formal reports for any security event.
- Ensure the DCRB staff are educated in safety, including but not limited to safety in email, applications, web, and other potential risk behaviors.
- Assist in the investigation of user issues from both a security and a network troubleshooting perspective. This includes identifying the source of the issue, determining and recommending viable solutions, and testing and implementing solutions.
- Establish and maintain security groups with appropriate privileges for servers, databases, file shares, etc. Ensure all access is granted by security group and not at an individual level.
Audit/Remediation
- Assist with security vendor selection for internal security audit tests, including Web Application Vulnerability and Network Penetration testing, and review the findings in the audit reports to assist the DEV team in planning remediation.
- Review SaaS weekly reports and work with the vendor NOC to remediate vulnerabilities found on weekly scans, and determine whether NOC alerts are false positives or potential malicious activity.
- Conduct quarterly testing of simulated cyber-attacks using tools to look for vulnerabilities in the external web application, and remediate them before an outside cyber-attack.
Network/PC
- Establish regularly scheduled software and operating system upgrades and patching at all levels. If needed, schedule emergent patching when critical issues are identified. Understand the impact of published network, server, and PC software upgrades and patches.
- Assist the Network team in training Bureau personnel in non-security PC Software and Systems.
- Assist in installing, configuring, and maintaining personal computers, servers, networks, network cabling, and other related equipment.
- Assist with Veeam backups and Cloud Disaster Recovery restorations.
- Assist with interactions with hardware and software vendors on issues affecting users or the organization.
Other
- Participate in an industry subgroup that oversees security for a Workers Compensation Web product that is used by Insurance Carriers to submit data. This group reviews all aspects of security for the application and the cloud environment and reports back to the industry group managers.
- Create and maintain regular process/workflow documentation.
SPECIAL SKILLS OR QUALIFICATIONS REQUIRED:
- Bachelor’s Degree in relevant field or equivalent work experience
- 1-3 years security experience plus security-related coursework or certifications
- 3-5 years network administration
- Communication skills: able to write clear, concise documents and communicate with both technical and nontechnical team members.
- Organizational skills: able to work on more than one assignment concurrently
- Analytical and critical thinking skills: able to problem solve and consider multiple angles or impacts
- Ability to adapt: able to change direction and innovate
- Independence: works independently and seeks help as appropriate
- Curiosity: interested in understanding existing and emerging technology, interested in the business benefit and purpose of solutions
- Strong organizational, communication, and management skills with the ability to work independently and adapt to various situations. PC proficient with in-depth PC knowledge. Communicate effectively with all levels of DCRB personnel and outside contacts.
- Knowledge of operational security tools such as: data loss prevention, email protection systems, privileged access management, hardware authentication devices, next-gen antivirus, multi-factor authentication solutions, network systems (both on-prem and in the cloud), firewalls, OSs, hardware setups, etc.