Just got contacted for a role with the longest list of requirements I've seen in a good long while:
THE DETAILS
• Responsible for implementation and operation of key security technologies like
o Single Sign On
o Privilege Identity Management
o Vulnerability Management
o Disk Encryption
o Firewall Auditing
o Network Access Control
• Create and maintain team standards and strategy for special projects involving Perimeter Defense, including Firewalls, Intrusion Detection/Prevention and Incident Response
• Work within the administration of the Computer Security Incident Response Team's infrastructure, including Intrusion Detection/Prevention systems and Malware Analysis platform, performing upgrades when necessary, monitoring system performance and system(s) capacity
• Establish key business operations relationships, providing an avenue to assess and recommend operational changes and enhancements
• Ensure that system improvements are successfully implemented and monitored to increase efficiency
• Partner with the IT and business operations areas and with both internal and external parties to resolve technical security issues
• Create testing procedures, requirements, documents and evaluation methods using Microsoft Office applications including Word, Excel, PowerPoint and Visio Access
• Communicate with both technical and non-technical users to determine individual requirements
Other duties include:
• Provide technical security support to other IT and business groups
• Provide architectural design, implementation, and operational support
• Implement new technologies as required to support the ever changing security landscape
• Work closely with the Internal Audit and the Security and Compliance departments to ensure a unified architecture and communication with the field.
• Help develop, operate, and maintain security guidelines and procedures including incident response support and monitoring and enforcing security controls.
• Ensure the ongoing integration of information security with business strategies and privacy requirements
EDUCATION/CREDENTIALS
• Bachelor's Degree in computer science or related field, and
• One or more of the following certifications: CISSP, CISA, CISM, CCNA, CCNP, CCIE, CWNA, CWNP, and CWNE- Good to have
General Requirements:
• 5+ years of total Information Security experience, in a highly technical, hands-on environment required
• Proven ability to communicate effectively to executive management required
• Knowledge of NIST 800-53, COBIT, ISO 27001/02 etc
• Understanding of current Data Privacy and HIPAA-HITECH regulations
• Familiarity with HITRUST Common Security Framework preferred
• Flexible, creative and able to function well in a team environment
• Strong analytical skills
• Ability to explain difficult technical matters in a manner understood by non-technical contacts
• An understanding of confidentiality and working in a procedure-oriented environment
• Good organizational skills
• Must be able to work effectively in high stress situations
• Strong oral and written skills
• Must be open minded and willing to learn
• Must be dedicated
• Must be able to multitask
• Must be able to demonstrate expertise in problem solving and conflict resolution
• Excellent communication (both written and verbal)
• Organizational and analytical skills
• Possess the ability to interact professionally with Senior Leadership
• Excellent leadership skills and the ability to unify and empower multiple groups to achieving the same goal
• Ability to interact with technical staff across multiple systems and disciplines
• High degree of self-sufficiency, ownership, and pride of deliverables
Technical Requirements:
• Broad knowledge of internet technology and protocols
• Broad knowledge of network infrastructure design and implementation
• Knowledge of Linux and Unix systems (SUSE and Mainframe)
• Thorough knowledge of all Windows based systems
• Thorough knowledge of network infrastructure equipment (Router, switches, DNS, Proxy, Mail, etc.)
• Thorough knowledge of Internet applications (SMTP, HTTP(s), FTP, telnet, SSH, etc.)
• Thorough knowledge of Security threats and countermeasures
• Thorough knowledge of risk assessment and practical implementations
• Thorough knowledge of Intrusion Prevention Systems (IPS - Host and Network)
• Thorough knowledge of Intrusion Detection Systems (IDS - Network)
• Thorough knowledge of Log analysis (Diverse systems)
• Must be proficient and maintain Subject Matter Expertise in multiple technical disciplines
• Must have and maintain a thorough knowledge of security vulnerabilities and or weaknesses
• Thorough knowledge and understanding of malware
• Experience with C, Perl, Java, shell, and various scripting languages and tools
• Expertise in Incident Analysis
• Thorough knowledge in Understanding and Identifying Intruder techniques
• Thorough understanding of the requirements for Chain of Custody and the maintenance of Incident Records
:matrix:
So.... They want an entire IT department in one person? I bet it's for a stellar $35k/yr too. Lol
Only thing missing is desktop support.
Quote from: deanwebb on January 05, 2015, 01:09:40 PM
• One or more of the following certifications: CISSP, CISA, CISM, CCNA, CCNP, CCIE, CWNA, CWNP, and CWNE- Good to have
Yes, I have a CCNA. I even have two
:awesome:
Usually a laundry list of everything they want. I feel it never hurts to apply if you want the job and get told no. Usually they budge if they like you.
Shouldn't have any issues finding that :-)