Systems Security Specialist

Job Description:

Key Responsibilities:

• Cloud Security Architecture & Controls: Develop and implement robust cloud security controls, processes, and automation. Conduct security assessments and impact analysis for proposed system changes in AWS/Azure, collaborating closely with DevOps and development teams.
• Identity & Access Management (IAM): Design, deploy, administer, monitor, and provide operational support for IAM products (e.g., ForgeRock, SailPoint) across various operating systems, ensuring secure access for all stakeholders.
• Security Operations & Incident Response: Continuously monitor cloud and ancillary systems, respond to security incidents, perform forensics evaluation using SIEM tools, and escalate as necessary.
• Security Assessment & Compliance: Conduct cloud security assessments, penetration testing, and ensure MHBE system security requirements are addressed throughout the SDLC. Review and update security documentation (SSP, RAs, PIAs, POA&Ms).
• Firewall & General Security Management: Administer cloud-based and physical firewalls, and provide operational support for other security technologies.
• Policy Adherence: Strictly adhere to all security, change control, and MHBE PMO policies, processes, and methodologies.

Minimum Requirements:

• A minimum of two (2) years of experience analyzing, defining, deploying, monitoring, and administering security requirements and controls for large and mission-critical IT systems.
• A minimum of two (2) years performing day-to-day security operations functions, including administration, troubleshooting, and resolution of various security components.
• A minimum of two (2) years of hands-on experience in performing cloud security functions.
• A minimum of two (2) years of experience in defining computer security requirements for high-level applications and evaluating approved security product capabilities.
• A minimum of two (2) years of demonstrated production experience using AWS Cloud supporting security operations.
• A minimum of two (2) years of experience with administering security for Windows and Linux operating systems.
• Experience in performing Security Incident Response and Forensics evaluation with SIEM tools.
• Experience with AWS security features such as Security Groups, Network Access Control List, Firewall, WAF, Guard Duty, Macie, CloudTrail, CloudWatch, Control Tower, etc.
• Experience with assessment and evaluation of information systems to recommend changes and mitigate threats, risks, and vulnerabilities.
• Demonstrated ability to perform scheduled maintenance activities such as patching, performance tuning, and backups.
• Demonstrated ability to perform user provisioning and de-provisioning activities.
• Experience in monitoring the security infrastructure for operational effectiveness

Preferred Skills:

• A minimum of four (4) years of experience implementing, administering, and monitoring Security Controls and Governance for public-facing complex IT systems.
• A minimum of four (4) years of specialized experience in defining computer security requirements for high-level applications, evaluating approved security product capabilities, and developing solutions to multilevel security problems.
• A minimum of four (4) years of hands-on experience providing operational support for ForgeRock and Sailpoint IAM products.
• A minimum of four (4) years of experience with the assessment and evaluation of information systems to recommend changes and mitigate threats, risks, and vulnerabilities.
• A minimum of four (4) years of experience conducting Incident Response testing to evaluate processes for detection, response, and reporting of security incidents.
• Experience configuring ForgeRock to enable single sign-on with different applications and implementing password sync across all internal applications.
• Experience with configuration and administration of SailPoint and performing tasks such as designing an organizational tree structure and creating provisioning and de-provisioning policies.
• Experience implementing ID policies, password policies, access control lists (ACL), reconciliation, service definition, the configuration of remote resources, workflows, password synchronization, reconciliation schedules, and life cycle management.
• Experience in providing detailed configuration and administration for programs such as ACL configuration, Group Management, and configuration management.
• Hands-on experience with troubleshooting, investigating operational problems, and providing workarounds, resolutions, and remediations.
• Experience developing IT Security roadmaps and execution plans.
• Demonstrated technical knowledge of command line utilities running on various platforms, including Linux and MS Windows.
• Experience with implementation of integration solutions between IAM system and user account repositories such as Active Directory, LDAP, and Databases.
• Experience with Java, JavaScript, and shell scripts.
• Experience assisting organizations meeting NIST SP 800-37, NIST 800-53, IRS Publication 1075, and MARS-e 2.0 requirements.
• Experience with conducting vulnerability management and penetration testing efforts.
• Experience in configuring and reviewing ASA and/or Fortinet firewalls.
• Possess one or more security certifications such as CISSP, ISO, CSA STAR Cloud Security Advisor, CCSE, QCS, CNA, VCP, or equivalent preferred.
• Experience working with the Project Management Office (PMO) processes, policies, and procedures.