Information Security Specialist

Information Security Specialist

Requirements

• Intermediate level knowledge of IT-related security threats and best practice safeguards
• Intermediate level knowledge of principles related to information security auditing and information security compliance
• Intermediate level knowledge of PCI DSS compliance
• Basic level knowledge of information security technologies such as Endpoint Detection and Response (EDR)
• Basic level knowledge of information security operations such as alert triaging and vulnerability management
• Basic level knowledge of the setup and support of Linux and Microsoft Windows server and desktop operating systems
• Basic level knowledge of principles related to securing cloud infrastructure
• Basic level knowledge of network and firewall topology
• Basic level knowledge of business-related software applications and services
• Intermediate level knowledge of NISC’s business units that are responsible for NISC’s internal and hosted information systems
• Basic level knowledge of the Utility and Telecom industries
• Basic level knowledge of Project Management processes and theory
• Strong level verbal and written communication skills
• Intermediate level presentation and training skills
• Strong level telephone/email etiquette and an ability to deal effectively with internal and external customers
• Strong research and problem-solving skills with a strong attention to detail
• Intermediate level ability to organize and prioritize
• Ability to travel as often as necessary to meet the goals and objectives of the position
• Intermediate ability to demonstrate initiative and accountability
• Intermediate level ability to troubleshoot

Responsibilities

• Assist in maintaining the confidentiality, integrity, and availability of NISC’s information systems
• Assist in investigating and triaging alerts from NISC’s Security Operations Center (SOC) and Endpoint Detection and Response (EDR) platforms
• Perform internal audits of NISC information systems against NISC’s policies and procedures and against industry best practices
• Assist in completing NISC’s annual PCI DSS and SOC assessments
• Assist in maintaining secure identity management practices at NISC, including but not limited to maintaining the principle of least privilege and regular reviews of NISC’s role-based access controls
• Follow up on monthly hunt reports that identify actionable findings from NISC’s managed detection and response partner
• Assist in NISC’s vulnerability management initiatives, including but not limited to vulnerability discovery, documenting and routing findings to teams for remediation, and monitoring industry sources (US-CERT, etc.) for new vulnerabilities
• Support NISC’s Internal IT teams in executing security initiatives and in supporting security solutions
• Serve as a frontline resource to other employees regarding information security
• Assist in responding to information security incidents that trigger NISC’s incident response plan
• Assist in delivering employee security education programs
• Perform work duties outside of regular business hours, on an as needed basis, to meet internal and/or customer needs
• Other duties as assigned
• Commitment to NISC’s Statement of Shared Values

Preferred Qualifications

• Bachelor’s Degree in an information security-related field or equivalent experience
• CompTIA Security+ or equivalent certification
• PCI DSS