IT Security Specialist
Position Number: 00104282
Primary Function of Organization Unit: The Security & Compliance Unit (S&C) within the Office of Information Technology oversees the security of the University's systems and data in a manner that is consistent with industry best practices and the University's compliance obligations. S&C develops (and ensures compliance with) information security policies/regulations/procedures, oversees implementation of strategic information security initiatives, provides routine security services, provides campus-wide software license management, coordinates IT resilience efforts and provides portfolio/project management guidance for OIT. The Information Security Services team in the OIT Security & Compliance unit provides a central contact point for campus IT security. Team responsibilities include the following: implementation of IT security standards and regulations, security incident handling, abuse complaint investigations, forensics analysis, network & email security monitoring, security consulting, vulnerability/threat assessments/scans, log management, litigation holds/e Discovery requests, data encryption solutions, and security awareness/training. The team evaluates and implements sophisticated security tools. The team consists of 5 team members and 1 director.
Essential Job Duties: The IT Security Specialist provides technical implementations and daily monitoring of the university's complex IT environment in accordance with best practices and standards such as PCI DSS (Payment Card Industry Data Security Standards), DMCA, FERPA, etc. Functions performed include internal vulnerability scanning, penetration testing, intrusion detection/prevention system management, security incident handling, technical security guidance on mobile device usage and wireless deployments, and daily monitoring as well as coordination of other required functions from other teams (e.g., firewall rule management, file integrity monitoring, hardening of servers).
Department Required Skills: Extensive knowledge of security standards such as PCI DSS, NIST 800-53 & ISO 27002 with experience implementing technical security controls such as log collection, security information and event management (SIEM), file integrity monitoring, wireless security, PAN data discovery tools, etc. and conducting technical security assessments. Exhibits comprehensive knowledge of the technical requirements of PCI DSS. Understands and can implement required controls such as file integrity monitoring (FIM) and PAN data discovery. Hands-on experience and expert technical knowledge in the use of tools to improve security such as anti-virus, vulnerability assessments and remediation, intrusion detection and prevention systems (IDS/IPS), SIEM, log monitoring/correlation, security incident tracking, internal and external penetration testing, forensics, advanced firewall and other network protection, end-point workstation security protection, cloud technology or encryption. Experience with implementing technical solutions that require assistance from multiple team members across the organization. Experience with scripting or other programming languages especially for automation, analysis system integration or system administration. Experience in developing strategies and/or solutions to address security issues and providing technical security advice to various clients. Effective communication skills. Demonstrated ability to work as an effective team member.
Preferred Experience, Skills, Training/Education: At least 5 years of hands-on technical experience in the information security field. Strong technical writing skills and experience with the development of technical and procedural documentation. Experience and knowledge of state government rules and regulations is helpful. Experience with coordination of multiple vendor solutions in a university environment. Networking knowledge of the OSI model, layer 2 and layer 3 switching packet analysis, TCP/IP. Experience using ServiceNow or a similar call tracking system. Advanced troubleshooting skills. GIAC or CISSP certificate is preferred Other SANS or vendor specific certifications in security topics are a plus.
Necessary Licenses and Certifications: N/A
AA/EOE: NC State University is an equal opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, gender identity, age, sexual orientation, genetic information, status as an individual with a disability, or status as a protected veteran.
Individuals with disabilities requiring disability-related accommodations in the application and interview process, please call 919-515-3148. Final candidates are subject to criminal & sex offender background checks. Some vacancies also require credit or motor vehicle checks. If highest degree is from an institution outside of the U.S., final candidates are required to have their degree verified at "www.wes.org":http//wes.org. Degree must be obtained prior to start date.
NC State University participates in E-Verify. Federal law requires all employers to verify the identity and employment eligibility of all persons hired to work in the United States.