- Documentation and Runbook Development
- Develop and maintain detailed documentation and playbooks for daily, weekly, and monthly information security operations, including incident response procedures and system maintenance tasks.
- Create and update checklists for operational tasks, such as patch management, vulnerability scans, and access control reviews.
- Format and standardize information security policies, procedures, and guidelines for clarity and accessibility.
- Logging and Alert Configuration
- Configure logging mechanisms for security tools (e.g., Graylog, NXLog, Logstash FortiAnalyzer) to capture relevant security events and system activities.
- Set up and fine-tune alert rules for real-time detection of security incidents, such as unauthorized access attempts or anomalous network traffic.
- Monitor and validate log integrity and retention policies to ensure compliance with organizational and regulatory requirements.
- Creating Automations and Workflows
- Develop automated scripts (e.g., using Python or PowerShell) to streamline repetitive security tasks, such as log analysis, vulnerability scanning, and report generation.
- Create workflows to automate incident response processes, including ticket creation, escalation, and notification for security events.
- Integrate automation tools with existing security platforms (e.g., SIEM, ticketing systems) to improve operational efficiency and reduce response times.
- Risk and Compliance Support
- Collect and organize data for risk assessments, including asset inventories, vulnerability scan results, and threat intelligence feeds.
- Support compliance audits by preparing documentation and evidence for frameworks like IRS Publication 1075 and PCI DSS.
- Track and report on remediation efforts for identified vulnerabilities and compliance gaps.
- Data Reporting and Metrics
- Collect and analyze data from security tools (e.g., firewalls, IDS/IPS, endpoint protection platforms) to generate metrics on vulnerabilities, incidents, and system performance.
- Develop automated scripts (e.g., using Python or PowerShell) to streamline data collection and reporting processes.
- Operational Support:
- Assist in the execution of operational tasks, such as user access reviews, security patch verification, and backup validation.
- Support the ISO in coordinating incident response drills and tabletop exercises.
- Perform additional tasks as directed to support information security initiatives.
|
- Agreement to follow IRS Pub 1075 Requirements
- Agreement to State background check
Education - Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field preferred.
Technical Skills - Strong working knowledge of computer networks, Windows, and Linux.
- Proficiency in configuring and managing SIEM tools.
- Experience with scripting languages (e.g., Python, PowerShell) for automation and data processing.
- Familiarity with security tools, such as firewalls, IDS/IPS, endpoint detection and response EDR), and vulnerability scanners (e.g., Nessus).
- Experience as a database administrator (Oracle/SQL Server/Postgres) a plus.
Soft Skills - Strong attention to detail and documentation skills.
- Ability to communicate technical concepts clearly to non-technical stakeholders.
- Strong organizational and time-management skills.
Preferred Knowledge - Understanding of information security frameworks (e.g., NIST, CIS).
- Familiarity with compliance requirements (IRS Pub 1075, PCI DSS).
- Experience with data visualization tools (Excel).
Certifications (preferred but not required) - CompTIA Security+, Certified Information Systems Security Professional (CISSP), or equivalent.
|