Reach Your Peak with ICMA-RC, a FINANCIAL SERVICES LEADER in public sector employee retirement products and services. Headquartered in Washington, DC, our Financial Services corporation manages over $40 billion in retirement plan assets for more than one million participant accounts. We are constantly looking for ways to create new opportunities to serve our participants. We have an extraordinary talent base and invite you to consider joining ICMA-RC's Information Security team.
This position will serve as the member of the Information Security team responsible for administering IT security controls to protect the confidentiality, integrity, and availability (CIA) of all corporate data, assist with implementation the strategic Information Security Plan, utilize, configure, implement and maintain industry standard cyber defense capabilities including but not limited to web content filters, email security capabilities, IDS/IPS, SEIM, DLP, advanced log analysis, network monitoring, network flow analysis, packet capture analysis, network proxies, firewalls, anti-virus capabilities, vulnerability management, Linux/UNIX command line, and access control lists (ACL).
Participate in network security planning, architecture design and engineering; generate and schematically illustrate communication architectures, topologies, hardware, software, transmission and signaling links and protocols into complete network configurations, evaluate new solutions, perform network problem resolution and assist in the development and documentation of technical security standards and baselines.
To perform network security assessments in a multi-vendor, enterprise-class networked environment, to conduct defense-in-depth security assessments of various enterprise-class networks, recommend security enhancement steps, and work closely with existing network operations personnel to assist in implementation. Demonstrate expertise in securing network devices such as (wired/wireless) routers, firewalls, switches, NAC’s, mobile devices and load balancers; and assist in the development and documentation of policies, standards, and procedures.
Essential functions for this role include:
• Possess specialized knowledge in network engineering and understand IT standards, including but not limited to the OSI model, and the methods of exploiting those standards.
• Perform regular security and risk assessments, to include penetration testing, analysis of network and systems-related security events, and risk analysis.
• Monitor, evaluate, and maintain complex security systems according to industry best practices to safeguard data centers, networks, and information systems.
• Provide support for all network security-related issues or queries including existing and new technologies, vendors and applications.
• Conduct investigations of network security violations and breaches, provide reports and analysis, and provide recommended solutions.
• Perform monitoring and analysis of data across multiple the network infrastructure.
• Participate in the delivery of the information security programs, including enterprise vulnerability management, incident response, and threat management and monitoring, and risk reporting.
• Serves as a resource in the development, direction, and implementation of network security in enterprise capabilities to prevent sophisticated cyber threats and vulnerabilities.
• Monitor information security industry developments, advise technical and business personnel on implications and verify security measures of vendors or partners of the organization that may compromise sensitive data or information and participate in user security awareness and training.
• Experience in multiple security areas such as intrusion detection/prevention, threat and vulnerability assessment, firewall policy implementation, and computer security incident response.
• Development, implementation, monitoring and enforcement of security and network policy.
If you have the following credentials, we encourage you to apply:
• BA /BS Degree or equivalent work-related experience.
• 5+ year experience with system administration, system or network engineering in a variety of environments.
• Experience performing network mappings and vulnerability scans on systems of varying complexity.
• Must possess working in-depth knowledge and hands-on experience of networking protocols (e.g., TCP/IP, SMTP, VoIP, and HTTP etc.) and network topologies. (e.g., Ethernet, VLAN, Wireless etc.)
• Skilled in design and configuration of large-scale voice and/or data networking infrastructures (e.g., Routers, Firewalls, VPN’s, Servers, VoIP technologies, switches, telecommunications facilities), and network security devices (e.g., Firewall, Proxy’s, IDS).
• Understands the lifecycle of the network threats, attack vectors and methods of exploitation.
• Strong Network LAN/WAN knowledge and troubleshooting skills are mandatory.
• Written and verbal communication skills, including technical writing and organizational skills and will be comfortable working in a fast-paced environment.
• Strong understanding of network and application-level threats and vulnerability exploitation and common network protocols and their associated weaknesses.
• Working knowledge of server application level security. (email, database, web server, etc.)
• In-depth knowledge of UNIX and Microsoft client and server operating systems and experience hardening UNIX, Windows, and Cisco systems.
• Must be able to recognize and mitigate network security threats.
• Strong knowledge of Information Security principles and practices.
• Must have a solid understanding of distributed systems architecture and their operating systems in addition to network management systems.
• Ability to perform network packet analysis to troubleshoot and investigate anomalies.
• Experience with modern security concepts/skills/knowledge such as next generation firewalls, Advanced Persistent Threats (APT), phishing and social engineering, network access controllers (NAC), gateway anti-malware, and enhanced authentication.
• In real-world knowledge of defense-in-depth methodology of network security including familiarity with subnetting, DNS, encryption technologies and standards, VPNs, VLANs, VoIP and other network routing methods.
• Knowledge of network architectures, current networking technologies and features, security requirements, application features, and other security issues.
• Required knowlege of Firewall and VPN Management, Intrusion Detection and Prevention (IDS/IPS), Web Security Gateway (WSG), Data Loss Prevention (DLP), Security Information and Event Management (SIEM) and Vulnerability Management.
• Preferred Certification in one of the following: CompTIA Security+ Professional (Security +), Certified Ethical Hacker (CEH), Check Point Certified Security, Administrator (CCSA), Microsoft Certified Systems Engineer: Security, MCSE: Security), Cisco Certified Network Associate (CCNA), Certified Information Systems Security Professional (CISSP), Cisco Certified Security Professional (CCSP), GIAC Security Essentials Certification (GSEC), Systems Security Certified Practitioner (SSCP), Information Systems Security Architecture Professional (ISSAP).
For your well-being, we offer a solid compensation and benefits package that features a competitive salary, a straight-forward incentive plan that rewards results, and a 401(k) Plan.
For your career, we offer tuition reimbursement, professional development courses, seminars, career enrichment assignments, mentoring programs and a record of enterprise growth that creates continuing opportunities for career advancement.
Consider ICMA-RC, and respond in strictest confidence. ICMA-RC is an Equal Opportunity Employer that values diversity in the workplace. Minorities and women are encouraged to apply. We look forward to hearing from you.
ICMA-RC - 14 months ago