Infrastructure Security Analyst
Company: PHEAA
Location: Harrisburg
Posted on: January 21, 2023
Job Description:
PHEAA is a nonprofit student aid organization that holds a mission
of providing affordable access to higher education.
Give back tomorrow by joining us today!
Salary: Grade 16
Location: Harrisburg, PA
Hybrid work schedule Monday - Friday 8:00 AM - 4:30 PM
Department: Vulnerability Management
JOB PURPOSE AND SUMMARY
The Infrastructure Security Analyst performs as a lead to analyze,
support, record, and report Infrastructure-related vulnerabilities.
This role also handles compliance, identifies risk assessments, and
maintains hardware asset inventory, including the Federal System
Boundary Document.
PRIMARY DUTIES AND RESPONSIBILITIES
Vulnerability Management
- Identify security issues and provide security solutions and
guidance across Information Technology (IT) teams and technologies
(Cisco, Windows, Linux, AWS, F5, Mainframe, AIX, SAN, VMWare,
Checkpoint Firewall, etc.) to ensure/maintain NIST 800-53, FFIEC,
FISMA contracts (FSA, GA, PHCS) vulnerability management,
penetration testing and compliance with associated agency-related
risks.
- Propose technical responses, interpretation of, and security
response strategies for Compliance/Governance Management.
- Analyze data, develop reporting, identify, and interpret data
and communicate Vulnerability/Compliance and Risk Assessments for
executive leadership weekly, at a minimum, and on-demand in the
event of a vulnerability incident.
- Monitor, manage, and drive compliance for Hardware Asset
Inventory.
- Assist with ensuring Digital Technology Solutions (DTS) can
differentiate assets internal/external, federal/commercial, and
other key differentiation fields. Analyze associated data to
develop and maintain quarterly inventory lists as needed to meet
PHEAA's compliance or policy standards.
- Evaluate internal controls and policies for potential areas of
weakness, recommend and craft control and policy updates to bring
effective, positive changes to reduce the risk of audit findings,
legal or regulatory sanctions, possible financial loss, and/or
damage to the Agency's reputation.
- Support and help coordinate as well as advise on execution of
internal security implementations for Federal Binding Operational
Agreements and Enterprise Security Office (ESO) security
directives.
- Provide guidance and recommendations to Enterprise Security
Office (ESO) department for Nessus scanning and configuration
needs.
- Assist in building and maintaining roadmaps, and with the
development of the Vulnerability Management Workflow for Digital
Technology Solutions (DTS).
OTHER DUTIES AND RESPONSIBILITIES
- Participate and contribute (provide written and verbal
responses) during/for external and internal audit reviews, and/or
complex compliance inquiries, including federal audits.
- Other duties as assigned.
Required Skills
Bachelor's degree in computer science and five plus years of
experience in IT Operations and/or Compliance on an enterprise
scale or any equivalent combination of skills, experience and/or
certification.
- Proficient at performing Vulnerability Management and
compliance assessments of PHEAA's environment/systems, utilizing
tools; ex. Nessus/Tenable.SC, Nipper, Qualys, AWS tools (such as
Dome9, AWS Macie, AWS Security Hub, etc.), NIST, CISA, CVE/MITRE
cybersecurity directory, reviewing software vendor documentation,
and driving STIG and CIS Benchmark requirements/compliance.
- Experience as a network engineering generalist (Cisco Certified
Networking Associate (CCNA), CompTIA Network).
- Understands basic network connectivity, engineering best
practices and networking and network security principles (OSI
Model, TCP/IP, FTP, TLS, Routing, Switching, Firewalls, Access
Lists, Load Balancers, DNS, IP Subnetting, VLANs and Network
segmentation, etc.).
- Experience as a systems administrator with experience both as a
Windows Administrator (Microsoft Certified System Administrator -
MCSA) and Linux (ex. Linux+ CompTIA).
- General project management and leadership skills to drive
initiatives to conclusion and direct teams to complete necessary
compliance and vulnerability work without any direct authority (ex.
Project Management Professional (PMP), Certified Scrum Master
(CSM), or Certified Associate Project Manager (CAPM)).
- Demonstrate strong understanding of the PHEAA Digital
Technology Solutions application, infrastructure, and network
architecture/implementation in order to make proper security
recommendations and assess residual risk of each environment.
- Demonstrate strong decision-making, interpersonal, negotiating,
and problem-solving skills.
- Experience with vulnerability management tools, such as
Nessus/Tenable.SC, Qualys, Dome9, etc.
- Proficient with MS Office Products, with high expertise in
Excel and experience developing SharePoint databases and SharePoint
Workflow Automation.
Preferred: experience with or strong understanding of Mainframe and
DB2 Technologies as a generalist including CIS benchmark and STIG
compliance implementations for Mainframe and DB2 as well as RACF.
Understanding of Security Best Practices. (ex. Security+ CompTIA
certification and/or CISSP). Understanding of enterprise logging,
monitoring and alerting tools and the interpretation of data
including but not limited to Splunk, LogRhythm, Broadcom APM,
AppDynamics, Pingdom, SiteScope, etc. Experience with scripting
languages, such as Python, Bash, Perl, etc.
ESSENTIAL DUTIES AND RESPONSIBILITIES
PHYSICAL REQUIREMENTS AND WORK ENVIRONMENT
- Provide 24/7 support as needed.
- Perform work required for this position in an office
environment.
- Remain sedentary for significant periods of time.
- Must be able to use a personal computer.
ADDITIONAL KNOWLEDGE, SKILLS, AND ABILITIES
- Ability to effectively communicate technical concepts to
non-technical audiences and business/security concepts to technical
audiences.
- Highly developed problem-solving skills and the ability to
focus attention on detail.
- Demonstrated analytical, critical thinking, and organizational
skills.
- Ability to work accurately, efficiently, and concentrate for
long periods of time in a detailed environment.
- Strong written and verbal communication skills.
- Ability to work effectively in a team environment.
- Ability to promote and support a consistent, professional, customer
focus
Conditions of Employment
- This position will support a federal government contract.
Applicants must be able to obtain Public Trust security clearance
as required of federal government contractors to include a
background check conducted by the U.S. Government to determine
eligibility and suitability for federal contract employment for
public trust or sensitive positions. For this level of clearance,
the federal government requires applicants to possess U.S.
citizenship. Considering this federal government requirement, PHEAA
will be unable to hire applicants without United States citizenship
for such positions.
PHEAA's environment welcomes and supports our employees, customers,
and stakeholders; we seek out and value differing perspectives and
contributions. Our organizational culture promotes diversity,
equity, and inclusion at all levels of the organization.
Required Experience
Bachelor's degree in computer science and five plus years of
experience in IT Operations and/or Compliance on an enterprise
scale or any equivalent combination of skills, experience and/or
certification.