Senior Information Security Job Description
Senior Information Security Duties & Responsibilities
To write an effective senior information security job description, begin by listing detailed duties, responsibilities and expectations. We have included senior information security job description templates that you can modify and use.
Sample responsibilities for this position include:
Senior Information Security Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Senior Information Security
List any licenses or certifications required by the position: CISSP, CISA, SANS, GIAC, CISM, PNSE, CCNA, CE, DOD, OSCP
Education for Senior Information Security
Typically a job would require a certain level of education.
Employers hiring for the senior information security job most commonly prefer candidates with a relevant degree, such as a Bachelor's and Primary Degree in Computer Science, Engineering, Information Security, Technical, Information Technology, Education, Science, Technology, Mathematics, Information Systems.
Skills for Senior Information Security
Desired skills for senior information security include:
Desired experience for senior information security includes:
Senior Information Security Examples
Senior Information Security Job Description
- Review security-related technical aspects of proposed key initiatives as part of Corporate Security Solution Assurance Process (CSSAP) sign-off
- Help Cloud Development and Operations, IT Security and Risk Management teams, and the Global Business Unit (GBU) organizations identify specific security-related infrastructure, architecture and design improvements, and work with these delivery organizations to carry them out
- Guide Cloud, IT, major lines of business and GBU security leads in aligning initiatives with corporate information security goals throughout the project life cycle - from inception through implementation
- Building and developing the capability and competency of the IS Project Consultants and Analysts to drive engagement, efficiency and effectiveness of the team
- Manage and perform assessments of information security risks on a regional and local basis
- Assist with control implementation
- Identify potential IT security incidents and perform triage of incoming security threats by performing preliminary and secondary analysis of those events
- Provide analysis and support, including identifying potential threats, anomalies, and infections
- Analyze traffic flows and system logs; perform risk assessments and testing
- Respond to requests for and perform technical support to end users on a variety of IT and security issues
- Requires a Bachelor's degree (in the field of mathematics, telecommunications, electrical engineering, computer engineering, or computer science) or equivalent, and significant experience with information networks and their security aspects
- Deep knowledge of IT security and risk disciplines and practices, particularly as they relate to IAM
- Act as spokesperson and expert in information security, risk management and compliance for the Managed Services teams and customers
- Produce and maintain business risk and impact analysis
- Must have experience in rationalizing incoming threat intelligence information and relating it to existing SIEM rules
- Must have programming experience with emphasis on scripting languages such as Perl, Python, PHP, etc
Senior Information Security Job Description
- Plan for and manage the implementation of future data integrations, e.g. Device and Technology data from Service Now
- Manage and maintain the security policy, including
- Work with the EGSO Metrics & Reporting team to ensure that all required data from Archer is transferred securely to any reporting or dashboard systems and that it is timely, accurate and formatted as needed
- Maintain user training materials and publish updates in a timely manner
- Perform a monthly review of EGSO privileged access
- Act as the approver for users needing Archer access for security activities
- Oversee and manage the work of any third parties making updates or changes to the Archer implementation to reduce disruption and impact
- Gather feedback from system users to identify and implement improvements and efficiencies
- Collaborate with Cloud Development and Operations, IT Security and Risk Management teams, and the Global Business Unit (GBU) organizations on development and maintenance of a cloud security reference architecture, including assessment of specific security-related infrastructure, consulting on architecture and design improvements, and working with delivery organizations to carry them out
- Experienced in the ICD 503 RMF process
- Knowledge of Risk Management Framework (RMF) security controls
- Certification CISSP, Security+ CE or DoD 8140 equivalent
- Consulting and/or audit services background with a focus on information security and compliance
- Presentation experience with focus on information security topics
- Provide technical leadership, standards and best practices to Technology teams during design, build, configuration and maintenance phases of initiatives/projects involving security tools
- Provide level 3 support to resolve technology incidents involving security tools
Senior Information Security Job Description
- Monitor relevant regulatory changes and assist in developing internal controls accordingly
- Administration of an Information Security Awareness Program (training administration and communications management), and
- Provide support in the maintenance and execution of an Incident Response Plan, including monitoring of security controls (event reports, ) and coordination of appropriate response activities
- Perform general administrative duties to support Information Security operations
- Demonstrate understanding of issuances released by Joint Force Headquarters-DoD Information Networks (JFHQ-DoDIN) and US Cyber Command (USCYBERCOM) and their impact on the Agency in order to provide analysis and recommendations
- Analyze the impact of operational decisions on all upward reporting and metrics
- Provide project management support for the cybersecurity contract, including identifying stakeholders, producing charters, creating work breakdown structures, establishing meetings in Outlook, conducting meetings, sending agendas, and ensuring meeting minutes are distributed
- Support day to day operations for enterprise-wide PKI and Identity Protection and Management program in accordance with DoD governing policy
- Perform duties as a DHA Registration Authority (RA)/Local Registration Authority (LRA)
- Provide management support for the DHA Information Assurance Vulnerability Management (IAVM) program, including oversight and management of the Defense Information Systems Agency (DISA) Vulnerability Management System (VMS) and the USCYBERCOM Information Assurance Vulnerability Management (IAVM) system
- Mix of security assessment capabilities, audit background is important but emphasis is on Unix (highly preferred)
- Network and/or Mainframe Infrastructure background is an asset
- Ability to communicate effectively, verbally and in writing, with multiple audiences, including the ability to clearly and simply restate complex issues and to edit written materials
- Experience in manually detecting various web-based security vulnerabilities like SQL Injection, Cross Site Scripting (XSS), CSRF and Session Hijacking; Threat Modeling of various sector applications
- A general technical knowledge of security and IT related technologies
- Ability to communicate clearly and concisely in verbal, written and electronic form
Senior Information Security Job Description
- Participate in planning efforts to achieve business goals by coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology
- Serve as a senior internal information security consultant to the organization through providing subject matter expertise as it relates to new services, products and projects
- Keep up to date on emerging security trends, new methods and attack vectors frequently used to obtain unauthorized access to data in order to proactively reduce the risk of a possible system breach
- Strong foundational knowledge of static/dynamic code scanning and integration with the SDLC, including working directly with developers to help them understand findings and remediation steps
- Review architectural designs and participate on the Security Architecture Committee
- Detailed technical knowledge of common Application Security Vulnerabilities and flaws including OWASP Top Ten
- Familiar with both Waterfall and Agile development methodologies
- Experience with consulting on numerous complex projects and enabling the business to move forward with the appropriate controls in place or with appropriate mitigations in place to reduce the risk to an acceptable level
- Demonstrated experience in Information Security related to IT controls and project management
- Info Security designations required
- Must have database security experience
- Host IPS and Web content filtering
- Security Information & Event Monitoring (SIEM)
- TCP/IP, Solaris, UNIX/AIX, Windows Server
- Virtual Private Networks
- Packet analysis & inspection
Senior Information Security Job Description
- Perform all tasks required including reporting, monitoring, and turnover
- Acts as a security generalist working mainly on incident response/investigation and SOC activities with occasional exposure to GRC policy assessments and vendor questionnaires
- Provides detailed and thorough written analysis results for incidents/events to appropriate parties
- Works closely with Senior Engineers, located onsite in Dallas, who can provide hands-on work with technical projects and mentorship
- Works to define processes, runbooks and automation to ensure consistency and efficiency in work effort
- Coordinates with and maintains highly collaborative relationships with vendors
- Collaborates with international SOC teams who are monitoring daily activity
- Work alongside a tactical arm of the team, conducting computer forensic analysis, data recovery, and other IT investigative work
- Analyzes internal & external threat intelligence & applies to proactive cyber hunt activities
- Act as escalation point for security services incidents or complex changes
- Knowledge of information systems and reporting operations, accounting procedures and budget management
- Working knowledge of common operating systems (Windows, Linux, ) and basic endpoint security principles
- Knowledge of common networking services and protocols (TCP/IP, SSH, FTP, DNS, DHCP, SMTP, SSL)
- 3+ years of experience in Information Security, Incident Response (or related field)
- Risk Management Framework experience a plus
- Microsoft and VMware certifications a plus