Cyber Security Administrator

Overview

Hybrid
Depends on Experience
Full Time

Skills

Cyber Security
Information Security
Security Operations
security compliance
CISSP
CRISC
CGEIT
GRCP
Security
Azure
O365

Job Details

Role: Cyber Security Administrator
Location: Rochester, NY (Hybrid)

Duration: FTE

Role:

This position will be responsible for supporting the introduction of modern technology and processes to improve security and countermeasures on enterprise endpoints. Specific deliverables will support implementation of endpoint intrusion prevention using Microsoft endpoint management and protection suites, antivirus, and endpoint vulnerability management administration, including but not limited to corrective actions. Candidates will need to understand patching methodologies, CVSS v3 ratings and scoring, risk ranking and cataloging, and endpoint threat mitigation tactics and techniques.

Essential Functions:

  • Monitor security systems and provide early response to potential threats.
  • Analyze technologies and establish highly effective processes and protocols to ensure comprehensive protection exists to prevent unauthorized entry into company networks and systems.
  • Support automation and orchestration to maximize team talent and reduce routine tasks.
  • Drive creation of countermeasures to protect company personnel and information assets.
  • Take ownership of a comprehensive logging and monitoring methodology for the enterprise.
  • Document, prioritize, and formally report incidents, root cause analyses, and after-action reviews.
  • Manage Security Administrators responsible for firewalls, network and host intrusion prevention/detection systems, virtual private networks, threat intelligence platforms, endpoint protection, email security, forensic tools, public/private/hybrid cloud infrastructure, identity and access management systems, and physical security systems.
  • Work closely with system owners to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization's security posture against them.
  • Provide support to business groups launching modern applications and services to verify that new offerings are effectively logging and reporting activity.
  • Communicate incident activity in a manner understood by technical and non-technical business units and gain support through influential messaging.
  • Define key performance indicators and metrics that align with business initiatives and deliver them to non-technical individuals in an effective, understandable manner.
  • Periodically attend and participate in change management policy discussions and meetings.
  • Understand breach and attack simulation solutions to validate and improve the effectiveness of preventative controls and incident response.
  • Familiarity with cyber kill chain processes, using the MITRE ATT&CK framework to identify IoCs and drive next steps derived from that alignment.

Qualifications

  • Higher education with a technical focus such as Information Security, Computer Science, or equivalent industry experience.
  • 3+ years of information security experience with at least 2+ years of exposure to various security frameworks; CISSP, CRISC, CGEIT, GRCP, or PMP preferred.

Knowledge & Skills:

  • Preferably some experience with vulnerability management across cloud environments such as Microsoft Azure, Amazon Web Services, or Google Cloud Platform.
  • Have Microsoft server administration background (AD, Security, Azure, O365, etc.)
    • Microsoft Certified: Security, Compliance, and Identity Fundamentals
    • Microsoft Certified: Security Operations Analyst Associate
    • Microsoft Certified: Azure Security Engineer Associate
  • Experience with and understanding of various regulatory requirements, laws, and security frameworks, including but not limited to: NIST, PCI DSS, SOX, GDPR, CCPA, CIS, or SOC 2.
  • Strong knowledge and experience in the areas below:
    • SharePoint Online, Teams
    • Have configured Office 365 services including Azure AD Connect, Teams, Intune, Azure AIP and DLP
    • Intune (Conditional Access \ MDM \ MAM)
    • Clients (Outlook, Outlook for Mac, IMAP, POP3, Mobile Devices)
    • Permissions (Tenant \ Security & Compliance Center \ Exchange Online)
  • PowerShell, Bash, and VB scripting skills desired.