It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
The Security Administrator I – Firewall provides support to the Department of Health and Human Services, Indian Health Services (IHS). This position is responsible for executing and assisting in the completion of security certifications and for providing support in the development and implementation of a program to manage all aspects of compliance with government regulations.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge / quality of work, supporting financial goals of the company, initiative / motivation, cooperation / relationships, problem analysis / discretion, accomplishing goals through organization, positive oral / written communication skills, leadership abilities, commitment to Affirmative Action, reliability / dependability, flexibility and ownership / accountability of actions taken.
Provides technical evaluation and analysis of prospective cybersecurity solutions, and advises on complex security procedures and products.
Provides recommendations for new and innovative automated tools for enhancing cybersecurity capabilities.
Supports cybersecurity activities, processes and/or tools related to network monitoring, threat detection and incident response.
Possesses a firm understanding of network and security architecture, and reviews or develops well-written evaluations and reports to the security engineer.
Understands technical and conceptual cybersecurity policy and concepts, and is able to apply understanding to the research, review, implementation and maintenance of automated tools.
Undertakes technical activities associated with protecting the federal network against data loss or IT asset performance disruption in compliance with federal requirements, and with addressing or mitigating risks and vulnerabilities.
Reviews and defines security controls to develop system security plans, and participates in the security assessment activities to acquire or maintain authorization to operate.
Develops related policies and procedures to standardize security functions and eliminate potential vulnerabilities and threats.
Is familiar and capable with firewall rule management and with industry threat-monitoring tools, especially Splunk, and also BigFix, ForeScout, Tenable, etc.
Provides technical evaluation and analysis in specific Security area.
Supports activities, process and tools needed to improve overall security posture of the organization.
Applies security concepts, reviews information, executes defined tasks, analyzes requirements, reviews logs and creates documentation.
Performs investigation and data loss prevention, data manipulation and coordination of activities.
Performs actions to address or mitigate risks and vulnerabilities. Reviews and defines controls. Advises on more complex security procedures and products for clients, security administrators and network operations.
Participates in enforcement of control security risks and threats; potential of one more controls subject to manager discretion. Shares knowledge with staff.
Conducts security assessments and other information security routines consistently.
Investigates and recommends corrective actions for data security related to established guidelines.
Develops policies and procedures to standardize security functions and eliminate potential vulnerabilities and threats. Oversees that business needs are being met during development.
Responds quickly and effectively to incidents and customer requests, per SLA times, to resolution.
Exercises multi-tasking skills by managing events in multiple systems, applications, and other priorities.
Collects, summarizes, and documents security event information according to event time.
Works with the front-end user interface for security software, ticketing systems, intrusion detection systems, and any other security system or appliance. Responds to computer security incidents without delay by gathering supporting information, evaluating the situation, and responding or escalating to the team for resolution.
Manages and works to resolve computer security incident tickets to meet guidelines set by security level agreements (SLA).
Manages and escalates security events according to customer service level agreements and criticality.
Assist with post-mortem forensic analysis when security breaches or viral outbreaks occur.
Monitors IT layered security infrastructure and communicates security events and incidents to the appropriate management level and team.
Monitors and analyzes data from security tools to formulate recommended security actions and process improvements to bolster IT security posture.
Coordinates with NOSC Infrastructure Support team to maintain/troubleshoot defense perimeter and monitoring integrity.
Performs reviews and audits of mixed Unix and Microsoft Windows environments, including network devices, databases, web services, and enterprise applications, for system anomalies and user behaviors.
Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.
Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support IHS's Enterprise Risk Management Framework.
Analytical Thinking – Knowledge of techniques and tools that promote effective analysis and the ability to determine the root cause of organizational problems and create alternative solutions that resolve the problems in the business's best interest.
Effective Communications – Understanding effective communication concepts, tools and techniques; ability to effectively transmit, receive, and accurately interpret ideas, information, and needs through appropriate communication behaviors.
Information Assurance – Knowledge of and the ability to protect information and information systems while ensuring their confidentiality, integrity and availability.
Information Security Management – Knowledge of and the ability to manage the processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.
Information Security Technologies – Knowledge of technologies and technology-based solutions dealing with information security issues.
IT Environment – Knowledge of an organization's IT purposes, activities and standards; ability to create an effective IT environment for business operations.
IT Standards, Procedures & Policies – Knowledge of and the ability to utilize a variety of administrative skill sets and technical knowledge to manage organizational IT policies, standards, and procedures.
IT Systems Management – Knowledge of and ability to utilize a variety of technical tools and techniques to guarantee service availability and ensure IT system performance.
Problem Solving – Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process problems; ability to apply this knowledge appropriately to diverse situations.
Software Security Assurance – Knowledge of and the ability to detect and prevent data security vulnerabilities of coding throughout the software development life cycle within software development organizations.
Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and coworkers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.
EDUCATION / EXPERIENCE
Bachelor’s degree and three (3) years’ of industry-relevant experience; or equivalent combination of education / experience. A comparable combination of education and experience (including military service) may be considered in lieu of a degree. Requires a firm understanding of network and security architecture, and includes reviewing and providing written reports to the security engineer.
CERTIFICATES, LICENSES, REGISTRATION
Must be able to obtain government security clearance
JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES
Specialized knowledge and advanced skills in the tools, concepts, practices and procedures of security incident management, threat intelligence and continuous monitoring
Knowledgeable of security-related processes with respect to Federal risk and compliance regulations best practices
Ability to read, analyze, develop and interpret common information systems security documents
Expert computer skills with advanced proficiency in a Windows and Linux based computer environment
Excellent critical thinking skills with ability to identify, analyze and resolve problems / complex issues
Excellent verbal and written communications skills with ability to prepare quality reports and effectively communicate / interact with a wide variety of technical and non-technical audiences (i.e., customers, team members, management and federal staff)
Exceptional customer service skills with ability to respond to requests in a professional, helpful and timely manner
Highly organized with ability to effectively manage multiple projects and priorities
Ability to work in a fast-paced environment and to learn and apply new knowledge and techniques related to incident response and continuous monitoring capabilities
Ability to effectively work both independently and in a team environment for the successful achievement of goals
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference and volume. Ability to apply concepts of basic algebra and geometry.
Ability to define problems, collect data, establish facts and construct a recommendation with multiple courses of action to resolve issues. Ability to interpret an extensive variety of technical instructions in theory or diagram form and deal with several abstract and concrete variables.
Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence, procedure manuals, and system security plans. Ability to effectively present information and respond to questions from groups of managers, clients, customers and the general public.
The physical demands described here represent those that an employee must meet to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment where the employee is regularly required to sit. Regularly required to use hands to finger, handle, or feel, reach with hands and arms to manage objects and operate tools, computers, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. This job's specific vision abilities include close vision, distance vision, depth perception, and the ability to adjust focus. Employee is exposed to general office noise with computers, printers, and light traffic.
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protects status.
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!