Job Summary

Responsible for building, operating and maintaining the IT security infrastructure for James Avery. This technical position involves management of identified threats and vulnerabilities associated with the company’s IT systems, infrastructure and software. Activities include IT security system administration, threat and vulnerability remediation and mitigation, security controls and policy adherence management, and support of security awareness training. In-depth knowledge of IT security practices, systems and networking is required. This collaborative role partners with internal customers and IT Support, Infrastructure, Application Engineering, Enterprise Applications teams and third-party auditors to fulfill operational duties.

WHAT YOU WILL BE DOING:

• Build, operate and maintain IT security infrastructure and applications to identify and reduce risk.
• Manage security controls in accordance with select cybersecurity frameworks.
• Collaborate with IT teams regarding controls implementation and adherence.
• Lead security event management, vulnerability assessment and intelligence correlation efforts.
• Reduce time-to-detect and time-to-remediate by leveraging IT security systems, event correlation and automation.
• Keep systems secure with security patches, definitions and configurations.
• Serve as primary contact for the Security Operations Center. Respond to and where appropriate, resolve or escalate reported security incidents.
• Report security exposures, misuse of resources or non-compliance situations using defined escalation procedures. Lead technical resolution efforts and provide postmortem analysis to identify issues and possible solutions.
• Collaborate with internal customers and IT teams to ensure new and existing features and services meet established security requirements.
• Support data encryption deployments, including certificate and key management.
• Monitor internal control systems to ensure appropriate information access levels and security clearances are maintained.
• Collaborate with IT teams and security vendors for enterprise testing and assessment activities.
• Lead technical remediation efforts required by audits, including collaborating with IT teams and documenting exceptions.
• Research threats identified in security alerts to determine risk and impact to Company systems.
• Review identified vulnerabilities and act where appropriate to mitigate and remediate vulnerabilities.
• Develop and maintain security system and procedural documentation.
• Provide operational reporting and updates to managers and executives.

WHAT IS REQUIRED:

• Bachelor’s degree in Information Systems, Information Technology or related field and four to eight years’ experience or equivalent combination of education and experience.
• One or more security certifications preferred including, but not limited to CISSP, GIAC, CISA, CISM, CRISC
• Demonstrated ability working as an advanced technical security analyst, including experience with security and event management, anti-virus, vulnerability analysis and remediation, incident and event technical response, identity and access management and penetration testing tools.
• Advanced knowledge in the following:
  • IT security-related system and application configuration, administration
  • Knowledge of network infrastructure, including virtualization, public and private clouds, routers, switches, firewalls, associated network protocols and concepts
  • Knowledge of Windows and Linux operating systems, associated protocols and security standards
  • Knowledge of TCP/IP networking including network-based administration and associated protocols.
• Must work well with other engineers and IT staff in a collaborative and iterative environment
• Experience communicating with non-technical stakeholders about security and risk

PREFERRED QUALIFICATIONS:

• Experience with regulatory frameworks
• System or network engineering experience
• Experience with Microsoft, Linux, Cisco, FortiNet or Oracle technologies