IEEE · 1 week ago
Information Security Analyst II (E5122)
IEEE is an organization dedicated to advancing technology for humanity, and they are seeking an Information Security Analyst II to protect the security and integrity of their data. The role involves implementing security measures, conducting audits, and providing technical guidance to ensure compliance with security policies and best practices.
Non-profit Organization Management
Responsibilities
Proactively identifies and remediates vulnerabilities using industry best practices and maintains a strong awareness and understanding of the current threat landscape
Performs internal and external security audits to ensure compliance with agreed security practices, policies and procedures and adherence to legal and regulatory requirements
Identifies security policy violations and leads in the corrective actions to maintain data and infrastructure security
Provides guidance and technical expertise to other technical employees and project teams and enforces established security policies
Assists project teams with the application and implementation of IEEE security policies, standards, processes and agreed architectures
Makes recommendations for enhancing security services, participates and, at times, leads the evaluation of commercial information security products and services to determine which of these should be adopted by or tested by the organization
Assists with the installation, maintenance and support of information security tools and services including, but not limited to, identity and access management systems including single sign on (SSO)
Participates in development and update of security policies, procedures, standards, guidelines, and architectures
Assists with the execution of vulnerability and penetration tests of IEEE network and systems, including the remediation of findings
Assists with the investigation of security incidents, recommends and implements solutions to remediate or mitigate them
Assists in the formulation and enforcement of security policies and procedures
Qualification
Required
Bachelor's degree in a computer-related field such as Computer Science, Mathematics or Engineering. In lieu of a degree, equivalent experience will be considered
At least 4 years direct experience involving security, network architectures and Internet communications protocols (TCP/IP), monitoring and intrusion prevention strategies (e.g. Firewalls, Security Event Correlation, Malware Detection, IDS/IPS), Identity & Access Management technologies and concepts (Enterprise Directory Services, Virtual Directory, Enterprise Single Sign-On / Web Access Controls and Authorization models) in a large, distributed, high performance, business critical networked environment
Knowledge of or familiarity with security technologies and concepts, including but not limited to, encryption, Public Key Infrastructure (PKI), two factor authentication, network security (firewall, intrusion detection / protection, and network anomaly detection), host based security (Anti-malware, firewall, intrusion detection / protection, patch management and file integrity), web application security (web application firewall, secure application development, authentication, session management, access control, single sign-on and error handling), database security (authentication, access control, auditing and integrity), secure remote access (VPN, terminal and console), security data analysis (security event monitoring, correlation, analysis and response)
Knowledge of or familiarity with conducting and mitigating security/risk assessments
Knowledge of Authentication & Authorization technologies (LDAP, RADIUS, Two-factor authentication, SAML, OpenToken, OAuth, etc.)
Knowledge and experience installing and administering Enterprise Directory Services technologies, such as; Oracle Unified Directory, Oracle Virtual Directory, OpenLDAP, and Microsoft Active Directory
Knowledge or familiarity installing and administering Enterprise Single Sign-On (ESSO) and Access Management (AM) technologies, such as; Computer Associates SiteMinder, Oracle Access Manager, IBM Tivoli, PingFederate, PingAccess and OpenSSO / OpenAM
Knowledge of and experience with Windows Active Directory
Knowledge of Self Service Account Management technologies, concepts and best practices, such as; Identity validation, user provisioning, self-service password recovery and automation workflows (i.e. Self Service Access requests)
Good understanding of a programming language (e.g. Java, C, Perl), HTML/XML and Unix “shells” scripting (e.g. CSH, KSH, SH)
Excellent communication skills (written and verbal) and able to articulate key messages to a range of audiences
Ability to work alone and build relationships across the organization
Anticipates problems and identifies long-term implications of decisions and actions
Familiarity with server operating systems, such as; Windows, Linux & Solaris
Preferred
Relevant professional qualifications / certifications (CISSP, CEH, CISM, CISA, CSSLP, SANS, CHECK, CREST) a plus
Familiarity with web application security concepts, such as; secure application development, secure session management, cryptography, input validation, logging and error handling a plus
Familiarity with load balancer technologies and ESSO integration capabilities is a plus
Familiarity with Authentication and Authorization concepts, such as Identity Federation, Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), RADIUS / TACACS a plus
Company
IEEE
IEEE is the world’s largest technical professional organization and is a public charity dedicated to advancing technological innovation and excellence for the benefit of humanity.
Funding
Current Stage
Late Stage
Company data provided by crunchbase