PHEAA is seeking a Network Security Analyst to join our team. This position is responsible for all aspects of information security within the Agency, including the proactive monitoring of all information technology assets for potential security issues as well as the application of security best practices to mitigate risks within the organization. This position performs at a moderate level of complexity with a high level of proficiency under general supervision.
Security Technology and Controls Support
* Manage and support the security technologies within the team's jurisdiction (to include defensive and offensive security solutions on the perimeter and internal networks such as firewalls, intrusion prevention, data loss prevention, etc.).
* Research, design, participate in or lead the implementation of low to moderate complexity security initiatives.
* Identify, implement, and maintain the controls and procedures required to cost-effectively and uniformly protect the agency's information system assets.
* Monitor compliance and adherence to agency security policies and assist with violation investigations.
* Perform ongoing oversight of the vulnerability and security patch management programs.
* Deploy and administer vendor and internally developed software and procedures to address security requirements.
* Provide support and evidence collection for internal and external audits.
* Monitoring and processing of configuration change requests and service desk tickets.
* Proactively identify threats and vulnerabilities, and collect, correlate, and analyze data to detect actual or potential unauthorized access to the agency's networks and systems.
* Assist in the evaluation of the type and severity of security events.
* Resolve issues by taking the appropriate corrective action or by following escalation procedures.
* Conduct forensics investigations as required.
* Brief management on the status of security initiatives and effectiveness of controls.
* Assist with maintaining and testing the department's Business Continuity Plan.
* Remain current with industry specific and information security knowledge.
* Mentor less experienced team members.
Bachelor's degree in Computer Science or a related field with two to five years of relevant work experience in information security administration or the equivalent combination of skills, experience and/or certifications.
* Proficient with the implementation of security principles, risk assessment policies and standards, information security best practices, products and technologies, defense-in-depth strategies, and network technologies.
* Proficient knowledge of the National Institute of Standards and Technology (NIST) security controls family and guidance (especially NIST SP800-53).
* Experience with securing various operating environments including mainframes, servers, network hardware, and databases.
* Knowledge and experience in several of the following areas: access control, application development, database, encryption, network, mainframe, security controls, server hardening, and server patching technologies.
* Demonstrated ability to challenge the status quo, identify issues, and provide viable suggestions to improve procedures.
* Demonstrated effective skills with time management, prioritization, and attention to detail.
* Demonstrated analytical, critical thinking, and organizational skills.
* Possess a high level of integrity and ethics.
* Proficient in Microsoft Office suite.
* Current security-related industry certifications; application development experience, including the ability to create programs and scripts from scratch; automation of business processes; and experience conducting computer forensic investigations using proven principles and techniques.
PHYSICAL DEMANDS AND WORK ENVIRONMENT
* This position requires participation in a 24x7x365 on-call rotation. The frequency of the rotation depends on the number of members of the team. Internet connectivity from home is required as part of the on-call rotation.
Candidates will enjoy our comprehensive total rewards program offering Pennsylvania Employees Benefit Trust Fund (PEBTF) health/dental insurance and defined benefit plan, as well as life insurance, flexible spending accounts, tuition reimbursement, participation in a deferred compensation program, and generous paid vacations and holidays.
Created in 1963 by the Pennsylvania General Assembly, the Pennsylvania Higher Education Assistance Agency (PHEAA) has evolved into one of the nation's leading student aid organizations. Today, PHEAA is a national provider of student financial aid services, serving millions of students and thousands of schools through its loan guaranty, loan servicing, financial aid processing, outreach, and other student aid programs.
PHEAA's earnings are used to support its public service mission and to pay its operating costs, including administration of the Pennsylvania State Grant and other state-funded student aid programs. PHEAA continues to devote its energy, resources, and imagination to developing innovative ways to ease the financial burden of higher education for students, families, schools, and taxpayers.
PHEAA conducts its student loan servicing activities nationally as American Education Services (AES) and FedLoan Servicing (FLS). #LI-BS1 #Dice
PHEAA is an Equal Opportunity Employer
Department: Enterprise Security Office