IT Security Administrator
Location: Newport News, VA
Long Term or FT
The primary focus of this position is Information Technology and Cybersecurity, planning and coordination of infrastructure security - including the setup of processes, system access procedures, encryption management, cloud applications, threat protection, network scans and system intrusion detection. The Information Technology Security Administrator plays a vital role in cybersecurity, identifying security vulnerabilities, monitoring intrusion attempts and identifying cybersecurity threats. Other critical duties include certificate management, conducting system and network vulnerability scans and security audits, and responding to requests such as help desk tickets, telephone, email and in-person service.
This includes troubleshooting hardware- and software-related issues.
- Evaluates, plans, coordinates, implements, and manages IT security measures to protect data, software, and hardware. Translates security policies and procedures into technical architectures.
- Ensures fulfillment of legal and contractual information security and privacy mandates, to include providing IT management with compliance reports and audit findings.
- Provides leadership in each annual internal security audit, which includes preparation, gathering of evidence and working with the internal security auditor to ensure a satisfactory audit result.
- Analyzes and coordinates mitigation of all negative findings from the annual internal security audit.
- Designs, implements and monitors deployment of active directory group policy objects (GPOs).
- Monitors for and responds to malware, viruses and cybersecurity threats.
- Administers security tools and software to ensure compliance with organizational policies and procedures as they pertain to system hardening, patching, hotfixes and preventive measures.
- Monitors and audits server event logs on a regular basis.
- Monitors and audits VEEAM backups of virtual and physical server instances. Performs regular disaster recovery exercises of server instances.
- Requests, installs and renews computer, server, machine and code-signing certificates.
- Coordinates and performs data recoveries and retention for legal mitigations.
- Provides security-related leadership, guidance and training to end users and IT staff.
- Reviews, implements, updates and documents company-wide information security policies and procedures.
- Handles support requests via help desk tickets, phone and email or in person.
- Conducts Windows server builds and performs server maintenance tasks.
- Gathers data pertaining to customer needs, and uses the information to identify, predict, interpret, and evaluate system and network requirements.
- Monitors and audits user accesses, permissions and rights assignments.
- Creates and maintains DNS and DHCP records and reservations.
- Creates VPN accounts, issues smart cards and installs client/keys on the user's computer.
- Maintains an inventory of technology equipment and software.
- Stays informed of current technology, trends and best practices related to networking, computer systems, cybersecurity, and applicable IT government regulations. Analyzes and recommends changes and upgrades to staff and IT management.
- Manages IT Security and other IT department projects.
- Protects organization's value by ensuring integrity and confidentiality of sensitive data.
Bachelor's degree in Cybersecurity, Computer Science, Computer Engineering, Information Technology or related discipline and minimum 4 years of IT administration, operations, and maintenance experience focused on security relevant technologies; or combination of equivalent education, training, certification and 8 years relevant experience. In addition, must have at least one of the following security certifications: CISSP: Certified Information Systems Security Professional; CEH: Certified Ethical Hacker; CISM: Certified Information Security Manager; GIAC: Global Information Assurance Certification. Server+, Network+, Security+ preferred. Technical Certification in Microsoft technologies, preferred (MCSE/MCSA).
- Strong working knowledge of IT security technologies and familiarity with systems, hardware and software.
- Knowledge of IT security principles and best practices.
- Knowledge of IT vulnerabilities and protection methods.