Information Security Specialist - KUA

Posted By: Joanna White Career Center,
General Definition of Work

Performs technical and analytical work in cybersecurity. Identifies, monitors and defends systems from unauthorized users or threats. Performs in a red team/blue team role to identify, respond to and resolve security incidents. Manages end user and group access to network resources and systems, and configures permissions across the enterprise. Conducts daily operations in cybersecurity and physical security systems. Maintains and develops corporate intranet systems. Provisions public records requests and ensures retention and storage of all records in accordance with public record laws. Provides end user and external support on access to network, data shares, financial, and core business systems. Manages video surveillance and key card programs. Does related work as required. Work is performed under the general supervision of the Information Security Manager.

Typical Tasks

Uses cyber defense tools, systems, and practices in defending an enterprise network, and subsidiary network systems. Participates as a member of a red/blue team for incident response to possible attacks/intrusions. Detects and analyzes anomalous activities and distinguishes these incidents and events from benign occurrences. Takes action on possible intrusion or exploitation by locking accounts or disabling access. Performs urgent and high profile indicator of compromise searches using multiple systems, documents findings and provides results to upper management. Receives and analyzes network alerts from various sources within the enterprise and determines possible causes/sources of such alerts. Documents and escalates incidents for action across multiple work centers or as part of a coordinated response. Performs event correlation from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack. Administers network and physical security policy in an active directory environment. Coordinates with external vendors for access to network systems. Establishes and configures end user permissions, group controls, application whitelisting and performs forensic analysis. Works with external auditors and risk analysis teams. Serves as the gateway for whitelisting approval and security sandbox testing of new applications prior to launch.

Conducts day-to-day operation and maintenance of physical security systems, including surveillance cameras, video recording, employee access cards, door and gate control operations, and alarms, and produces electronic artifacts from those systems as requested.

Administers, maintains, and develops the corporate intranet system. Serves as the public records office for the company, including records retention, disposition, and provisions public records requests in accordance with Florida Statutes. Manages the end user cybersecurity training program. Administers computer equipment inventory and conducts routine audits for accuracy.

May be called upon to work additional hours during weekends or in an after-hours standby capacity.

Knowledge, Skills, and Abilities

Knowledge of network security principles, concepts, protocols, methodologies and practices at a certified level of proficiency is required. Must have working knowledge of cyber defense and cybersecurity policies, procedures, detection of cyber threats, vulnerabilities, and common attack vectors on the network layer. Must have the ability to query and correlate events and indicators across a range of systems. Must be able to perform accurate and reliable searches for hash and file name based indicators of compromise in a thorough manner across the entire enterprise.

Knowledge of the operation and uses of personal computers, network administration practices, hardware and software interoperability for video surveillance and control systems. Knowledge of active directory at the user and group level, video surveillance and cyber security.  Advanced knowledge of the State of Florida and Federal Guidelines for records retention and public records laws.  

Must understand multiple network environments, operating systems and their interconnectivity into the records storage program, including retrieval of records, administration of security access and audit practices. Must be able to retrieve video, security, voice, and phone traffic records as directed. Safeguards information system assets by identifying and solving potential and actual security problems. Maintains technical knowledge by attending continuing educational workshops to maintain relevant certifications. Ability to communicate effectively orally and in writing, document, and present findings for senior management. Must be able to understand and carry out written and oral instructions or procedures. Ability to establish effective relationships with fellow workers and handle sensitive or confidential material. Must be able to do moderate lifting up to 50 pounds.

Education and Experience

Bachelor of Science degree in Cyber Security, Network Security, Network Engineering, Information Systems or related discipline. A current CompTIA Security+, EC-Council Certified Ethical Hacker, or equivalent certification is required. Microsoft certifications and network experience are preferred.

Four plus (4+) years of experience in a cybersecurity or computer network related position including hardware/software troubleshooting, at the server and PC level, and use of cybersecurity tools or systems. Experience as a member of an incident response team is desired. Any combination of education and experience.

To view the complete description and to apply, visit here.