Request ID: BL-9734-1 (910890309)
Windows Admin/Security Analyst with Active Directory, PCI/NIST (must), VULNERABILITY assessment, PowerShell, ITIL, CDC/HIPAA/PCI, SolarWinds experience
Location: Columbia SC
Duration: 12+ Months Hrs/Wk: 40.00
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
1. WINDOWS SERVER
2. SECURITY TOOLS – ABILITY TO INSTALL AND USER VARIOUS SECURITY TOOLS
3. CONFIGURATION MANAGEMENT
4. MICROSOFT ACTIVE DIRECTORY
5. UNDERSTANDING OF COMPUTER AND NETWORK OPERATING SYSTEM FUNDAMENTALS (E.G. OPERATING SYSTEMS, APPLICATIONS, STORAGE, NETWORKING)
6. EXPERIENCE IN PROJECT INVOLVING PCI/NSIT SECURITY IMPLEMENTATIONS AND/OR AUDITS
7. RISK/VULNERABILITY ASSESSMENTS
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
1. Experience with security and data classification related to CDC, HIPAA, and PCI.
3. Knowledge of Information Technology Field, best practices, organization, and operations
4. Experience with SolarWinds
5. Ability to integrate technical systems with agency goals and objectives.
6. Ability to establish positive working relationships with technical staff, customers and others involved in data-centric management.
7. Excellent written, oral, and interpersonal communication skills
8. Experience working with PCI environments
Bachelor’s or Master’s Degree in a relevant field of work or equivalent work experience.
Miscellaneous Configuration management Yes 3 Expert Currently Using 4 – 6 Years
Network Security Experience in projects involving PCI/NIST security implementations and/or audits. Yes 6 Expert Currently Using 4 – 6 Years
Network Security risk/vulnerability assessments Yes 7 Advanced Currently Using 2 – 4 Years
Network Security SECURITY TOOLS – Ability to install and use various security tools Yes 2 Advanced Currently Using 4 – 6 Years
Networking & Directories Understanding of computer and network operating system fundamentals (e.g. operating systems, applications, storage, networking) Yes 5 Expert Currently Using 4 – 6 Years
Operating Systems/APIs PowerShell Yes 8 Advanced Currently Using 2 – 4 Years
Operating Systems/APIs Windows Server Yes 1 Expert Currently Using 4 – 6 Years
Software Framwork ITIL Yes 9 Advanced Currently Using 2 – 4 Years
Specialties Microsoft Active Directory Yes 4 Expert Currently Using 4 – 6 Years
Remote Work Availability: 0%
SCOPE OF THE PROJECT:
Client actively strives to remediate vulnerabilities within its array of Microsoft Windows Servers. An additional server engineer is needed to help support the Server Hosting Team and their efforts to lower the agency’s risk profile. This position will work closely with the Security Operations Center (SOC), Server Hosting, and the Change Management Board to review vulnerability reports, investigate solutions, test solutions and their impacts to other environments, follow the agency’s Change Management process, implement solutions, track, and document remediation.
This position will be a part of the team responsible for the implementation of this project. They will also be involved with supporting the day-to-day operations of the Agency’s Server Hosting environment.
Candidates should be self-motivated, team-oriented, work under limited supervision, and respond to priority tasks as needed.
DAILY DUTIES / RESPONSIBILITIES:
The system engineer will be responsible for managing the discovery, analysis, tracking, and remediation of vulnerabilities across the agency’s technology systems.
• Maintain and improve the vulnerability management process.
• Develop solutions and automated methods to reduce manual and repetitive tasks.
• Follow a mature change management process – preparing change management requests and presenting requests to the change management board for approval.
• Work closely with key stakeholder groups, including the SOC, to ensure appropriate levels of engagement and focus are maintained.
• Plan and implement technical changes without unexpected disruption to the service and with minimal oversight.
• Create, maintain, and review operational processes and support documentation.
• Adheres to Information Technology application development standards and security requirements.
• Prepare and maintain system documentation and architecture diagrams as assigned.
• Ability to plan, organize, review, implement associated project milestones to completion.
• Requires mastery technical and business knowledge in multiple disciplines/processes.
• Create supporting project and system documentation.
• Provide updates to the Project Team.
• Assist with development of policies and procedures to conform and comply with agency standard cyber security policy design related to information risk management, designation of data as to criticality, confidentiality, and protection. (NIST 800-53, FISMA, SC InfoSec Requirements http://admin.sc.gov/technology/information-security/policies-and-procedures, etc.)
The position will be utilized for 40 hours per week for the duration of this project. The selected candidate should be able to work flexible hours where it may be necessary for work to be completed outside traditional business hours.
The candidate will work closely with the Enterprise Computing Services Team Lead and Section Manager to identify, prioritize, and schedule workload and implementation to IT standards and procedures. The candidate will work closely with customer and subject matter experts for the system design, migration to the new framework, and testing.
This will also include compliance to Client security policy/procedures as well as integrating systems when possible to streamline staff workflows, user security, and data correction.