Information Security Consultant - IAM Focus

ABOUT THE JOB:

This individual is responsible for leading in the design, implementation and integration of advanced security operations solutions , mainly focused on Identity and Access Management.The Information Security Consultant will also provide technical security guidance to all aspects of the IAM Program.Additionally will supports Information Security Engineer and Architects in strategic planning, new tool selection and process improvements.

WHAT YOU WILL DO IN THE ROLE:

Design, Integration, and Management of Advanced Security Operations solutions focused on Identity and Access Management. Build and enhance existing toolsets , policies and processes to reduce risk profile. Also provide ability in writing custom security scripts and utilities to enhance processes such as logging and monitoring capabilities.


Work with the appropriate IT Teams to create and maintain applicable security standards for focused in IAM and assist in assessments in Vulnerability Management, and IT systems such as Networks, Windows, Linux,Database, Endpoint Security, etc.


Maintain and Implement Incident Handling Plan, serve as incident responders performing initial forensics and incident handling capabilities and plan, coordinate, and perform security testing exercises such as Pen Testing and Tabletop Exercises.


Develop strategies to improve efficiencies using automation and orchestration solutions to reduce manual work that can be done programmatically.


Lead the creation and maintenance of documentation related to NCCI’s security framework, program, and standards where applicable to role


WHAT YOU MUST BRING TO THIS POSITION:

  • A bachelor's degree and a minimum of six (6) years of experience in an intermediate level Information Security role with proven expertise in multiple aspects of security and IT operations
  • At least one advanced information security certification such as CISSP, SANS GIAC, CEH, etc.
  • Intermediate scripting experience with knowledge of programming languages such as PERL, Java, .NET, etc.
  • Advanced Knowledge of Identity and Access management including Role Design, Campaign Design, Source System Integration, etc.
  • Advanced Knowledge of security aspects for multiple operating systems, networking technologies, encryption technologies, and applications
  • Advanced knowledge of Information Security concepts, principles, and practices
  • In lieu of the degree, additional work experience and/or trade school or applicable certifications. Years of experience requirement can be offset with demonstrated NCCI knowledge of security solutions and proficiencies in various infrastructure platforms (e.g., window servers, Unix, etc.)
  • Knowledge of network security technologies such as Firewalls, VPN, IDS/IPS, Cloud Security, etc.
  • Knowledge of continuous monitoring principles including threat management, SIEM, File and Database Activity Monitoring, and Incident Response
  • Experience with Sailpoint, Cyberark tools a plus.
  • Knowledge of Secure Coding principles
  • Detailed knowledge in multiple security domains inclusive of Security Management, Access Control Systems and Methodology, Network Security, Cryptography, Operations Security, Application and System Development Security, Threat Management and Incident Response.
  • Detailed knowledge of security control frameworks, standards, governance and security best practices.
  • Proven ability to work independently with guidance in only the most complex situations
  • Excellent organizational, planning, written and verbal communication skills.
  • Strong client facing skills with ability to deal and lead conversations with large technically diverse teams.
  • Organized, responsive and highly thorough problem solver with strong ability solve complex problems, analyze information, identify and assess risks and make tactical and strategic recommendations.
  • Experience driving measurable improvement in security operations and risk reduction within the organization
  • Excellent time management skills to aid in meeting specific goals and plans to prioritize, organize, and accomplish.
  • Proven learning agility and seeks to excel, be curious and adaptable
  • Ability to act as lead in managing security related projects and investigations.
  • Ability to maintain a high level of professionalism and confidentiality.
  • Ability to work well under pressure.
  • Ability to be on-call and work outside of regular business hours as needed.

WHAT WILL MAKE YOU A MORE VIABLE CANDIDATE:

  • Additional advanced information security related certifications from SANS GIAC (Global Information Assurance Certification); ISACA, ISC2, etc.