IT Information Security Administrator
The Information Security Administrator is a hands-on role that requires a high level of technical expertise. The person in this position is responsible for a broad range of tasks, including the day-to-day administration of cybersecurity tools and devices, as well as first-level and second-level support for security information and event management (SIEM). This role also includes significant responsibilities for the security administration of a wide variety of IT systems across the enterprise.
The individual in this position interacts closely with product vendors and service providers, with personnel from various IT functional areas - including application development, operations and network, and telecommunications - and with business departments.
ESSENTIAL DUTIES:
• Performs user and access administration on designated systems and applications, in accordance with the defined policies, standards and procedures of the organization
• Performs system security administration on designated technology platforms, including operating systems, applications, and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines
• Performs installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems
• Performs threat and vulnerability assessments, in some cases followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities
• Applies patches where appropriate and, at the direction ofIT Infrastructure Managerremoves or otherwise mitigates known control weaknesses, such as unnecessary services or applications or redundant user accounts, as a means of hardening systems in accordance with security policies and standards
• Locates and repairs security problems and failures
• Collates security incident and event data to produce monthly exception and management reports
• Performs normal and exceptional processing of user access and change requests, escalating such requests when appropriate
• Reports unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes
• Assists and trains junior team members in the use of security tools, the preparation of security reports and the resolution of security issues
• Develops and maintains documentation for security systems and procedures
• Researches, recommends, evaluates, and implements cybersecurity solutions that identify and/or protect against potential threats, and respond to security violations
• Provides guidance to junior members of the team
MINIMUM REQUIREMENTS:
Education:
Bachelor’s degree in information systems, or equivalent work experience
Work Experience:
2+ years of IT or network security experience
Physical:
Able to sit/stand using a PC, keyboard, and mouse for extensive periods. Able to drive to other Gregory Poole’s locations when needed.
Other:
Must have good customer relations skills to interact with internal customers and vendors.
Technical Competency:
• Knowledge of cybersecurity principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management
• Technical proficiency with security-related systems and applications, especially Microsoft Operating System, Microsoft 365 E5 protection functions, Microsoft Intune, Cisco and Meraki security, switching, and firewalling appliances
• Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts
• Strong knowledge of TCP/IP and network administration/protocols
● In-depth knowledge of Gregory Poole's operating systems and security applications, as well as a working knowledge of basic network protocols and tools, is also required.
This job description is not intended to be all-inclusive. Your supervisor may request and assign you similar duties. Any major modification of this job role requires Human Resources approval.
Gregory Poole Equipment Company is an Equal Opportunity/Affirmative Action employer and will consider all qualified applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.