Information Technology Security Administrator

About Charles River Associates

For over 50 years Charles River Associates has been a premier consulting firm that offers employees a place to learn from a diverse group of consultants industry experts and academics. At CRA you will be exposed to leading minds who use economic financial and business analysis to solve complex world problems for an impressive roster of clients including major law firms Fortune 100 companies and government agencies. Through a collegial environment formal and informal training opportunities and a broad array of professional development resources your experience at CRA will open doors for you throughoutyour career.

The Information Technology (ITS) department at Charles River Associates is currently a team of more than 40 professionals dedicated to enhancing maintaining and developing the firms technology infrastructure and security. The team is comprised of four functions:Service Delivery & TelecomEnterprise Application SolutionsInfrastructure Networking and Cloud SolutionsInformation Security. Information Technology staff are based in the Boston Chicago London Munich New York Oakland San Francisco College Station and Washington DC offices. Mainly a Microsoft house CRA is looking to maximize the performance of our on-premise systems and hybrid infrastructure meaning experience with cloud technologies is essential for this role.

Position Overview

The Security Administrator supports CRAs information security and compliance objectives by administering and monitoring identity and access controls privileged access security configuration standards and recurring security tasks. This role partners closely with Infrastructure Service Delivery Enterprise Applications and Information Security to ensure that access is provisioned appropriately administrative privileges are controlled security baselines are maintained and evidence is available for audits and compliance reviews. The Security Administrator also helps reduce operational risk by improving repeatability (documentation runbooks automation where feasible) and by supporting incident response and remediation activities. Key Responsibilities include:

• Identity & Access Administration (AD/Entra and core access controls):Administer and support identity and access controls across core platforms (e.g. Active Directory and cloud identity services) including account lifecycle activities group management and delegated administrative models.
• Privileged Access & Administrative Account Controls:Support the administration and enforcement of privileged access standards including separate admin accounts least privilege and controls around membership in privileged groups (e.g. Domain Admins Enterprise AdminsSchema AdminsAdministrators SQL Admins workstation/desktop support admin groups).
• Access Reviews & Evidence Collection (Audit Readiness):Execute recurring access reviews and produce audit-ready evidence (e.g. administrator account reviews privileged group membership exports/screenshots with timestamps approval tracking) coordinating required approvals andretainingrecords per process.
• Security Configuration Standards & Hardening:Implement andmaintainsecurity configuration standards for Windows/identity-related services including baseline security settings policy alignment and ongoing verification activities.
• Vulnerability & Remediation Coordination:Partner with infrastructure and endpoint teams to support vulnerability management workflows (triage prioritization tracking and validation of remediation) with focus on identity/security-related findings and configuration weaknesses.
• Server Patching Support (off-hours/weekends): Participate in off-hours and weekend server patching processes asrequired includingchangecoordination access enablement validation and post-maintenance checks.
• Ticketing / Service Operations Support:Handle and triage security administration requests through the ticketing system (e.g. access changes group/permissions adjustments privileged access requests) ensuring proper approvals and adherence to standard processes.
• Security Monitoring Support (as assigned):Support investigation and response activities by gathering logs access history and system context when security events require identity/permissions analysis; coordinate escalation to Information Security / SOC as needed.
• Documentation & Process Improvement:Maintainand improve documentation (runbooks procedures approval flows) for security administration tasks;identifyopportunities to streamline repetitive access tasks through standardization and automation.
• Cross-Team Collaboration:Work closely with Infrastructure Service Delivery Enterprise Applications and Information Security stakeholders to ensure security administration work is prioritized effectively and executed consistently; communicate clearly with technical and non-technical audiences.
• Server Vulnerability and Update Patching Support:Ability to support off-hoursmaintenance windows (evenings/weekends) asrequired including clear communication careful execution and post-change validation.

Relevant Skills & Experience

• Bachelors degree in a relevant discipline Masters desirable;
• Demonstrated hands-on experience administering identity and access controls in Microsoft-centric environments (e.g. Active Directory and cloud identity platforms);
• Familiarity with Windows Server administration concepts;
• Working knowledge of privileged access concepts and controls (least privilege separation of duties delegated administration privileged group governance);
• Experience producing audit evidence and supporting compliance workflows (access reviews approval capture evidence retention);
• Familiarity with common security operations processes (incident change problem) and comfort working in a ticket-driven operating model;
• Scripting/automation exposure (PowerShell preferred) to reduce manual administrative overhead is a plus;
• Familiarity with vulnerability management and remediation coordination processes/tools is a plus.
• Ability to follow and improve documented procedures with strong attention to detail and consistency;
• Strong communication and collaboration skills; able to coordinate with multiple IT teams and stakeholders.

Career Growth and Benefits

• CRAs robust skills development programs including a commitment to offering 100 hours of training annually through formal and informal programs encourage you to thrive as an individual and team member. Beginning with research and analysis skill building training continues with technical training presentation skills internal seminars and career mentoring and performance coaching from an assigned senior colleague. Additional leadership and collaboration opportunities exist through internal firm development activities.
• We offer a comprehensive total rewards program including a superior benefits package wellness programming to support physical mental emotional and financial well-being and in-house immigration support for foreign nationals and international business travelers.

Work Location Flexibility

CRA creates a work environment that enables our colleagues to benefit from being together in the office to best deliver on our promise of career growth mentorship and inclusivity. At the same time we recognize that individuals realize a range of benefits when working from home periodically. We currently expect that individuals spend at least 3 to 4 days a week working in the office (which may include traveling to another CRA office or to client meetings) with specific days determined in coordination with your practice or team.

Our Commitment to Equal Employment Opportunity

Charles River Associates is an equal opportunity employer (EOE). All qualified applicants will receive consideration for employment without regard to race color religion sex national origin age disability status as a protected veteran or any other protected characteristic under applicable law.

Salary and other compensation

A good-faith estimate of the annual base salary range for this position is $125000 - $140000. Stating pay within this range may vary based on factors such as education level experience skills geographic location market conditions and other qualifications of the successful candidate. This position may be eligible for additional bonus incentive compensation. CRA offers a comprehensive benefits package subject to eligibility requirements which may include: medical dental and vision insurance; 401(k) retirement plan with employer match; life and disability insurance; paid time off (vacation sick leave holidays); paid parental leave; wellness programs and employee assistance resources; and commuter benefits.