Information Security Analyst II (E5122)

Institute Of Electrical And Electronics Engineers

Job Location:

Piscataway, NJ - USA

Monthly Salary: Not Disclosed

Posted on: 12 hours ago

Vacancies: 1 Vacancy

Job Summary

Education

Bachelors degree or equivalent experience Bachelors Degree in computer related field such as Computer Science Mathematics or lieu of a degree equivalent experience will be considered. Req

Work Experience

2-4 years At least 4 years direct experience involving security network architectures and Internet communications protocols (TCP/IP) monitoring and intrusion prevention strategies (e.g. Firewalls Security Event Correlation Malware Detection IDS/IPS) Identity & Access Management technologies and concepts (Enterprise Directory Services Virtual Directory Enterprise Single Sign-On / Web Access Controls and Authorization models) in a large distributed high performance business critical networked environment. Req

Licenses and Certifications

Relevant professional qualifications / certifications (CISSP CEH CISM CISA CSSLP SANS CHECK CREST) a plus. Pref

Skills and Requirements

Knowledge or familiarity of security technologies and concepts including but not limited to encryption Public Key Infrastructure (PKI) two factor authentication network security (firewall intrusion detection / protection and network anomaly detection) host based security (Anti-malware firewall intrusion detection / protection patch management and file integrity) web application security (web application firewall secure application development authentication session management access control single sign-on and error handling) database security (authentication access control auditing and integrity) secure remote access (VPN terminal and console) security data analysis (security event monitoring correlation analysis and response)
Knowledge or familiarity on conducting and mitigating security/risk assessments
Knowledge of Authentication & Authorization technologies (LDAP RADIUS Two-factor authentication SAML OpenToken OAuth etc.)
Knowledge and experience installing and administering Enterprise Directory Services technologies such as; Oracle Unified Directory Oracle Virtual Directory OpenLDAP and Microsoft Active Directory.
Knowledge or familiarity installing and administering Enterprise Single Sign-On (ESSO) and Access Management (AM) technologies such as; Computer Associates SiteMinder Oracle Access Manager IBM Tivoli PingFederate PingAccess and OpenSSO / OpenAM.
Knowledge and experience Windows Active Directory.
Knowledge of Self Service Account Management technologies concepts and best practices such as; Identity validation user provisioning self-service password recovery and automation workflows (i.e. Self Service Access requests).
Good understanding of a programming language (e.g. Java C Perl) HTML/XML and Unix shells scripting (e.g. CSH KSH SH).
Excellent communication skills (written and verbal) and able to articulate key messages to a range of audiences.o Can effectively discuss security challenges with developers and testerso Experience of at least one code security review tool
Ability to work alone and build relationships across the organization.
Anticipates problems and identifies long-term implications of decisions and actions.
Familiarity with server operating systems such as; Windows Linux & Solaris
Familiarity with web application security concepts such as; secure application development secure session management cryptography input validation logging and error handling a plus.
Familiarity with load balancer technologies and ESSO integration capabilities is a plus.
Familiarity of Authentication Authorization concepts such as; Identity Federation Multi-Factor Authentication (MFA) Public Key Infrastructure (PKI) RADIUS / TACACS a plus.

Other Requirements:
As defined in IEEE Policies individuals currently serving on an IEEE board or committee are not eligible to apply.

PLEASE NOTE: This position is not budgeted for employer-sponsored immigration support this includes all persons in F (both CPT and OPT) J H L or O status.

For information on work demands and conditions required for this position please consult the reference document ADA Requirements. This position is classified under Category I - Office Positions.

All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin disability or status as a protected veteran.

Disclaimer: This job description is proprietary to IEEE. It outlines the general nature and key features performed by various positions that share the same job classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties and qualifications required of all employees assigned to the job. Nothing in this job description restricts managements right to assign or re-assign duties to this job at any time due to reasonable accommodations or other business reasons.

Job Summary
The overall purpose of this position is to protect the security and integrity of IEEE data through the implementation and maintenance of information security practices measures and technologies consistent with industry best practices. This position will act as a subject matter expert who will diligently assist with the maintenance and improvement of information and systems to ensure appropriate safeguards are in place. The incumbent must possess a thorough understanding and knowledge of security controls strategies and methodologies as well as knowledge of some of the following technologies: firewalls identity and access management advanced authentication single sing on security audits security diagnostics and encryption. The role reports to the Manager Information Security and manages 0 direct reports.

Key Responsibilities

Proactively identify and remediates vulnerabilities using industry best practices and maintains a strong awareness and understanding of the current threat landscape.
Performs internal and external security audits to ensure compliance with agreed security practices policy and procedures to adhere with legal and regulatory requirements.
Identifies security policy violations and leads in the corrective actions to maintain data and infrastructure security.
Provides guidance and technical expertise to other technical employees and project teams and enforces established security policies.
Assists project teams with the application and implementation of IEEE security policies standards processes and agreed architectures.
Makes recommendations for enhancing security services participates and at times leads the evaluation of commercial information security products and services to determine which of these should be adopted by or tested by the organization.
Assists with the installation maintenance and support of information security tools and services including but not limited to identity and access management systems including single sign on (SSO).
Participates in development and update of security policies procedures standards guidelines and architectures.
Assists with the execution vulnerability and penetration tests of IEEE network and systems including the remediation of findings.
Assists with the investigation of security incidents recommends and implements solutions to remediate or mitigate them.
Assists in the formulation and enforcement of security policies and procedures.

Required Experience:

EducationBachelors degree or equivalent experience Bachelors Degree in computer related field such as Computer Science Mathematics or lieu of a degree equivalent experience will be considered. ReqWork Experience2-4 years At least 4 years direct experience involving security network architectures an...

Education

Bachelors degree or equivalent experience Bachelors Degree in computer related field such as Computer Science Mathematics or lieu of a degree equivalent experience will be considered. Req

Work Experience

2-4 years At least 4 years direct experience involving security network architectures and Internet communications protocols (TCP/IP) monitoring and intrusion prevention strategies (e.g. Firewalls Security Event Correlation Malware Detection IDS/IPS) Identity & Access Management technologies and concepts (Enterprise Directory Services Virtual Directory Enterprise Single Sign-On / Web Access Controls and Authorization models) in a large distributed high performance business critical networked environment. Req

Licenses and Certifications

Relevant professional qualifications / certifications (CISSP CEH CISM CISA CSSLP SANS CHECK CREST) a plus. Pref

Skills and Requirements

Knowledge or familiarity of security technologies and concepts including but not limited to encryption Public Key Infrastructure (PKI) two factor authentication network security (firewall intrusion detection / protection and network anomaly detection) host based security (Anti-malware firewall intrusion detection / protection patch management and file integrity) web application security (web application firewall secure application development authentication session management access control single sign-on and error handling) database security (authentication access control auditing and integrity) secure remote access (VPN terminal and console) security data analysis (security event monitoring correlation analysis and response)
Knowledge or familiarity on conducting and mitigating security/risk assessments
Knowledge of Authentication & Authorization technologies (LDAP RADIUS Two-factor authentication SAML OpenToken OAuth etc.)
Knowledge and experience installing and administering Enterprise Directory Services technologies such as; Oracle Unified Directory Oracle Virtual Directory OpenLDAP and Microsoft Active Directory.
Knowledge or familiarity installing and administering Enterprise Single Sign-On (ESSO) and Access Management (AM) technologies such as; Computer Associates SiteMinder Oracle Access Manager IBM Tivoli PingFederate PingAccess and OpenSSO / OpenAM.
Knowledge and experience Windows Active Directory.
Knowledge of Self Service Account Management technologies concepts and best practices such as; Identity validation user provisioning self-service password recovery and automation workflows (i.e. Self Service Access requests).
Good understanding of a programming language (e.g. Java C Perl) HTML/XML and Unix shells scripting (e.g. CSH KSH SH).
Excellent communication skills (written and verbal) and able to articulate key messages to a range of audiences.o Can effectively discuss security challenges with developers and testerso Experience of at least one code security review tool
Ability to work alone and build relationships across the organization.
Anticipates problems and identifies long-term implications of decisions and actions.
Familiarity with server operating systems such as; Windows Linux & Solaris
Familiarity with web application security concepts such as; secure application development secure session management cryptography input validation logging and error handling a plus.
Familiarity with load balancer technologies and ESSO integration capabilities is a plus.
Familiarity of Authentication Authorization concepts such as; Identity Federation Multi-Factor Authentication (MFA) Public Key Infrastructure (PKI) RADIUS / TACACS a plus.

Proactively identify and remediates vulnerabilities using industry best practices and maintains a strong awareness and understanding of the current threat landscape.
Performs internal and external security audits to ensure compliance with agreed security practices policy and procedures to adhere with legal and regulatory requirements.
Identifies security policy violations and leads in the corrective actions to maintain data and infrastructure security.
Provides guidance and technical expertise to other technical employees and project teams and enforces established security policies.
Assists project teams with the application and implementation of IEEE security policies standards processes and agreed architectures.
Makes recommendations for enhancing security services participates and at times leads the evaluation of commercial information security products and services to determine which of these should be adopted by or tested by the organization.
Assists with the installation maintenance and support of information security tools and services including but not limited to identity and access management systems including single sign on (SSO).
Participates in development and update of security policies procedures standards guidelines and architectures.
Assists with the execution vulnerability and penetration tests of IEEE network and systems including the remediation of findings.
Assists with the investigation of security incidents recommends and implements solutions to remediate or mitigate them.
Assists in the formulation and enforcement of security policies and procedures.

Required Experience: