IT Security Professional II

Job description

Posting Number:

PG190883EP

Internal Recruitment :

No

Working Title:

IT Security Professional II

Anticipated Hiring Range:

$90,000 - $95,000

Work Schedule:

8:00 am - 5:00 pm with additional hours as needed: on-call rotation

Job Location:

Raleigh, NC

Department :

Security & Compliance

About the Department:

The Security & Compliance Unit (S&C) within the Office of Information Technology oversees the security of the University’s systems and data in a manner that is consistent with industry best practices and the University’s compliance obligations. S&C develops (and ensures compliance with) information security policies/regulations/procedures, oversees implementation of strategic information security initiatives, provides routine security services, provides campus-wide software license management, coordinates IT resilience efforts and provides portfolio/project management guidance for OIT.

The Information Security Services team in the OIT Security & Compliance unit serves as the central point for information security on campus. The team works on developing security standards, improving the security posture of the University and ensuring compliance with legal and regulatory requirements. Duties include security monitoring, incident handling, abuse reports and security consulting. The team consists of eight team members and one director.

Essential Job Duties:

  • The Information Security Analyst II will be responsible for providing IT security services to customers within the university. This includes the development and use of inter-operational processes and procedures. Working with more senior analysts to deliver high-quality first and second tier information security response functionality. Perform multiple assigned technical tasks including monitoring, research, and analysis using security tools.
  • This individual will utilize network security products, technology, threat and vulnerability detection, and specialized skills that monitor security systems and events to detect and investigate threats. The individual works regularly with internal and external users to remediate these incidents. Serve as a contact for security incidents, monitoring incident queues and addressing requests appropriately through ticket escalation and resolution. This individual is expected to possess professional, operational, and interpersonal skills to function effectively in collaboration with internal and external customers. The candidate should possess skills that include networking, security technologies experience, understanding of security best practices, written and oral communications and must be detail oriented and customer-focused.

Duties and responsibilities:

  • Act as main investigator for potential incidents identified by Tier 1 analysts.
  • Operate autonomously to further investigate and escalate in accordance with protocols and contractual SLAs
  • Collaborate across organizational lines and develop depth in your desired cyber discipline and/or technologies.
  • Provide teaching / mentoring to SOC Tier 1 Analysts
  • Monitor and identify cybersecurity/information technology related incidents that involve enterprise systems, research data, and data including personally identifiable information (PII).
  • Detect, investigate and report cybersecurity incidents.
  • Create cybersecurity reporting metrics
  • Develop and maintain SOPs to help analysts respond to cyber threats.
  • Maintain chain of custody in accordance with incident handling procedures and in compliance with applicable regulations and frameworks such as NIST 800-171, HIPAA, PCI DSS, etc.
  • Monitor security threat feeds, articles and reports to remain up to date on the latest security risks, threats, and technology trends.
  • Must have strong analytical skills. Must be able to study computer systems, user behavior and assess any potential risks with consideration of possible solutions.
  • Understand and stay current with current security trends and indicators of compromise to understand potential issues
  • Knowledge of networking, computer administration, and common protocols used in a network environment
  • Familiarity with applicable policies and regulations to evaluate risk and develop solutions and enforce as appropriate
  • Interpret incoming tickets and notifications from internal and external sources to appropriately assist users or properly escalate incidents.
  • Ability to work with teams to prioritize security needs and effectively collaborate with IT professionals to implement the needed security controls.
  • Follow up on escalated tickets to resolve technical issues with users.

Other Responsibilities:

  • Other duties as assigned.

Minimum Education and Experience:

  • Master’s degree and at least one year of relevant experience; or Bachelor’s degree with at least two years’ of relevant experience; or an equivalent combination of education, training and relevant experience.
  • A minimum of five years of hands-on technical experience in the information security field.

Other Required Qualifications:

  • Strong technical writing skills and experience with the development of technical and procedural documentation.
  • Experience and knowledge of state government rules and regulations is helpful.
  • Experience with coordination of multiple vendor solutions in a university environment.
  • Ability to develop solutions to automate security tools and processes.

Preferred Qualifications:

  • GIAC (Global Information Assurance Certification) or CISSP (Certified Information Systems Security Professional) certificates are preferred.
  • Other SANS (Subject Alternate Name) or vendor specific certifications in security topics are a plus.
  • Experience in addressing complex issues, analyzes client needs and advises on effective and appropriate solutions.
  • Regularly collaborates with management and other OIT/campus staff to develop tactics for security solutions inline with the university’s cybersecurity strategic plan.
  • Experience or equal understanding of a risk based approach to security.
  • Experience creating executive level security metrics.
  • Three or more years of hands-on technical experience in the information security field.
  • Strong technical writing skills and experience with the development of technical and procedural documentation.
  • Experience and knowledge of state government rules and regulations is helpful.
  • Experience with coordination of multiple vendor solutions in a university environment.
  • Experience using ServiceNow or a similar call tracking system.
  • Advanced troubleshooting skills.

Required License(s) or Certification(s):

N/A

Valid NC Driver's License required:

No

Commercial Driver's License required:

No

Job Open Date:

04/01/2021

Anticipated Close Date:

Open Until Filled.

Position Number:

00108449

Position Type:

EHRA Non-Faculty

Full Time Equivalent (FTE) (1.0 = 40 hours/week):

1.00

Appointment:

12 Month Recurring

Mandatory Designation - Adverse Weather:

Mandatory - Adverse Weather

Mandatory Designation - Emergency Events:

Mandatory - Utilities/Infrastructure Failure

Is this position partially or fully funded on ARRA stimulus monies?:

No

Department ID:

511001 - Security & Compliance

AA/EOE:

NC State University is an equal opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, gender identity, age, sexual orientation, genetic information, status as an individual with a disability, or status as a protected veteran.

If you have general questions about the application process, you may contact Human Resources at (919) 515-2135 or [email protected] Individuals with disabilities requiring disability-related accommodations in the application and interview process, please call 919-515-3148.

Final candidates are subject to criminal & sex offender background checks. Some vacancies also require credit or motor vehicle checks. If highest degree is from an institution outside of the U.S., final candidates are required to have their degree equivalency verified at www.wes.org or equivalent service. Degree(s) must be obtained prior to start date in order to meet qualifications and receive credit.

NC State University participates in E-Verify. Federal law requires all employers to verify the identity and employment eligibility of all persons hired to work in the United States.

 

 

 

Diversity Profile: University

 

AAUP COMPENSATION SURVEY DATA

View more

Learn more on Inside Higher Ed's College Page for University

Arrow pointing right
Job No:
Posted: 4/2/2021
Application Due: 7/1/2021
Work Type: Full Time
Salary: