Job Description
Thank you for stopping by to view the IT Security Analyst role I posted here on Indeed, I appreciate it. If you have read my job descriptions before, welcome back. If you are new to my JD’s, you will find that I like to add some humor to these things. In addition, this is not a ‘bot’ writing this. Just a real dude watching Squawk Box early in the morning.
The reason I mention these things is that I realized – quite a while ago – that looking for work is about as fun as a root canal. So, if I can make it at least more tolerable, I will surely do it.
Allow me to introduce myself. My name is Tom Welke and I am Partner & VP at RSM Solutions Inc and I have been recruiting technical talent for over 22 years and been in the tech sector since the .com days of the 90’s. Due to this, I am going to be far more focused on ‘fit’ than anything else…a fit for you AND a fit for the client.
I know this client quite well and we have worked together for quite a few years. Due to that, I wanted to share what creates a good ‘social fit’ here. Here are some of those characteristics:
EQ is as important as IQ. In the world of IT Security, you will find individuals who believe everything is a disaster and no one in the entire organization is more important than they are. If you have this kind of attitude, I am going to suggest you look elsewhere. This is an environment where people work together, everyone collaborates with one another, and everyone truly has an interest in helping (as opposed to talking down to) others.
This particular company has experienced some fairly rapid growth over the last few years. This leads to something…we need an individual in this role that is comfortable with priorities changing from time to time.
Insatiable curiosity is something these guys really like to see. Are you the kind of person that truly enjoys researching issues, and – more importantly – likes to share what they have found? That would be a great trait for this role.
This role is being done onsite in Irvine, California Monday through Friday. So, you will either need to be located in Irvine or willing to relocate (there are no relocation benefits available for this role).
I can only work with US Citizens or Green Card Holders for this role.
Here is what we are looking for: We are seeking an IT Security Administrator that, perhaps, has moved up the ranks from being a Network or Systems Administrator to the world of Security. If you moved from a Help Desk role into Security, that would be fine as well. You will be the only IT Security focused individual for this firm (there are about 20 people total in the entire IT team though). So, that ability to have the initiative to take on threats and not wait for direction will be important to success in this role. The hiring manager for this role has been taking on these IT Security tasks for a while and is running out of bandwidth, so you will be getting a lot of institutional knowledge from him in this role. You will be reviewing logs, conducting pfishing campaigns, physical testing, work in the ‘purple’ side of things, incidents as well as a myriad of reports. For toolsets, they use Fortra, Fortinet, Barracuda, Symantec, FortiAnalyzer, and Techguard. One of the bigger keys to success in this role is to determine what are real threats vs those that aren’t nearly as important. I have my own personal phrase for this that I heard from another friend of mine a while back ‘when everything is urgent…nothing is’.
Here are some of the key responsibilities. Rather than posting a zillion of these, I like to bring out the real key ones:
Collaborate with users to discuss computer data access needs, to identify security threats and violations, and to identify and recommend needed programming or process changes.
Work with that wonderful world of encryption, firewalls, and – of course – security tools to conceal and protect transfers of that ever-present confidential info. This also includes implementing plans to safeguard data.
Review violations of security procedures, and provide training to ensure that these threats don’t happen again. This is – often times – the most important part of a role like this one. A gentle hand and a compassionate voice goes a long long way as opposed to acting like a tyrant.
Monitor and restrict access to sensitive, confidential or high-security data. There is something of a ‘balance’ needed with this responsibility. We don’t need that IT Security person that locks down everything…the business needs to function, after all.
Perform risk assessments, audits, tests, and determine when to update virus protection systems.
Here is what we are looking for:
Roughly 2-5 years of IT Security experience. I am going to be far more interested in breadth and depth of that experience, however. So, if you have fewer years of experience, but you were responsible for everything…that would be fine.
If you came from a Network or Systems Administration background or a help desk background and then moved into IT Security, that would be wonderful to see.
Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
Hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations.
Working knowledge of application & infrastructure security solutions (Firewalls, Intrusion Detection/Prevention Systems, Network Security, Password Management, Data Encryption, and Access Control).