Information Security Configuration Compliance Analyst

As the Information Security Configuration Compliance Analyst your objective is to analyze a variety of information technology platforms to assess risk, and plan and execute audits.

Responsibilities:

• Ongoing maintenance & administration of assigned systems
• Adherence to policies, processes and procedures within your areas of responsibility
• Assistance with execution of projects related to areas of responsibility
• Review and approve configuration of security controls
• Recommend security policy changes and enhancements
• Support configuration and change management processes
• Review and approve configuration of security controls
• Review and audit configuration of security controls within infrastructure hardware based on STIG and configuration requirements
• Technical experience with VBScript, JScript, WMI, ADSI, C+, DOS BATCH, UNIX Shell, and Powershell
• Basic knowledge of core Windows Server applications (IIS, SQL, Active Directory, DNS)
• Understanding of Microsoft System Center Configuration Manager 2007 and Desired Configuration Management configuration components
• Perform configuration and security compliance reviews of RedHat Enterprise and CentOS Linux
• Perform configuration and security compliance reviews of Microsoft Server 2003, 2008 R2
• Perform configuration and security compliance reviews of Cisco networking hardware including routing, switching and firewalls
• Perform configuration and security compliance reviews of Citrix NetScalar load
• Perform configuration and security compliance reviews of SCADA (Supervisory Control And Data Acquisition) systems in an electrical environment
• Perform configuration and security compliance reviews of SANS with EMC products.  NAS storage technologies and protocols. Hitachi and 3PAR is a plus
• Perform configuration and security compliance reviews of Unix and NFS and Windows and TFS including patching, provisioning
• Perform configuration and security compliance reviews of SAN Administration including zoning, LUN security, and HBA configuration
• Perform configuration and security compliance reviews of  VMware ESXi infrastructure
• Identify opportunities for process improvement; develop and execute project plans to enhance operational effectiveness, including deployment of new controls or configuration changes
• Coordinate information security activities with the Information Security manager
• Support of Information Assurance program including development, collection, assessment, and reporting of metrics
• Maintain a working knowledge of industry regulations and updates as well as technical proficiency to proactively support the needs of operations
• Work with external organizations for situation awareness and incident response
• Support business development activities by providing technical expertise on information security related efforts
• Understanding of risk assessment, control analysis and audit methodology is preferred but not required
• Knowledge of risks associated with technology; logical and application security; general application controls; and systems development methodology 

Required Skills & Experience: 

• 3+ years of broad-based IT experience with technical knowledge
• Basic knowledge of RedHat Enterprise and CentOS Linux
• Basic knowledge of Microsoft Server 2003, 2008 R2 and SQL
• Basic knowledge of Cisco networking hardware
• Basic knowledge of Citrix NetScalar load balancers
• Basic knowledge of VMware ESXi hardware and software
• Knowledge of SCADA (Supervisory Control And Data Acquisition) systems in an electrical environment
• Basic knowledge of SANS with EMC products.  NAS storage technologies and protocols. Hitachi and 3PAR is a plus
• Basic knowledge of Unix and NFS and Windows and TFS including patching, provisioning
• Basic knowledge of SAN Administration including zoning, LUN security, and HBA configuration
• Excellent analytical and problem-solving abilities
• Ability to efficiently prioritize and organize competing work demands with little oversight
• Bachelor's Degree in Computer Science or a related discipline and typically 3-6 years of experience focused on information systems audit or an equivalent breadth of experience in information security, information assurance, systems, and network technology (related degree or equivalent experience)

Desired Skills & Experience 

• Industry-related certifications: CISA, CISSP, CISM or a CIA are a plus but not required
• General knowledge of Governance, Risk, and Compliance (GRC) tool sets
• Working knowledge of IT auditing and compliance practices. (FISMA, NIST 800-53, and PCI)
• Strong cross-functional team participant and collaborative approach to problem solving
• Excellent documentation, communication and interpersonal skills

Employment requirements may include Background and Credit Check, Drug Testing and/or Skills Testing.Terremark a Verizon company is an Equal Opportunity Employer.