Senior Specialist, Information Security

Job Description

Summary

The Senior Security Specialist is critical in protecting enterprise systems, data, and infrastructure by

proactively identifying and mitigating security risks. This role requires a deep understanding of cyber threats, risk

management, and security technologies to safeguard the organization's digital assets. The individual will provide

expert guidance, lead security initiatives, and mentor junior analysts while collaborating with cross-functional teams

to strengthen the overall security posture.

Key Responsibilities

Security Operations & Risk Management

- Oversee the configuration, administration, and optimization of enterprise-wide security solutions.
- Monitor an enterprise-wide endpoint security solution with a base of 25,000+ endpoints, ensuring optimal
- security and performance.
- Provide expert-level (Tier 3/4) security solution support, responding to and resolving critical incidents
- within established SLAs.
- Lead incident response efforts, analyzing security events, conducting root cause analysis, and implementing
- corrective actions.
- Utilize advanced threat intelligence methodologies to predict, detect, and respond to sophisticated cyber
- threats.
- Develop, refine, and implement advanced SIEM use cases, security monitoring content, and correlation
- rules for improved threat detection.

Forensics & Compliance

- Conduct digital forensics investigations and support internal audits by providing detailed forensic analysis of security incidents.
- Ensure compliance with regulatory and industry standards (e.g., ISO 27001, NIST, GDPR, CMMC, ITAR), advising stakeholders on security best practices.
- Participate in vulnerability management programs, including penetration testing, red/blue team exercises, and security assessments.

Security Architecture & Engineering

- Assist in the deployment and hardening of security solutions such as firewalls, IDS/IPS, EDR, SIEM, IAM,
- and DLP.
- Consult on developing zero-trust security frameworks and strategies for endpoint and network security.

Leadership & Collaboration

- Mentor and guide junior analysts and engineers, providing technical leadership and career development
- support.
- Partner with IT, DevOps, and business teams to ensure security is integrated into all aspects of IT
- operations.
- Act as a security advisor to executives and stakeholders, translating complex security concepts into
- business-friendly language.

Knowledge/Skills/Competencies

Technical Expertise

- Proficiency in cybersecurity frameworks, risk management, and threat modeling.
- Extensive knowledge of security operations, incident response, and digital forensics.
- Advanced experience with penetration testing, vulnerability management, and ethical hacking methodologies.
- Strong proficiency in cloud security, network security, identity and access management (IAM), and endpoint protection.
- Understanding of encryption standards, PKI, and secure application development.
- Proficiency in scripting and automation (e.g., Python, PowerShell, Bash) to enhance security operations.
- Advanced ability to analyze and correlate security data from diverse sources (logs, SIEM, EDR, etc.).
- Knowledge of database security (MySQL, SQL, Oracle).

Business & Soft Skills

- Strong leadership and mentoring capabilities.
- Excellent verbal and written communication skills, with the ability to translate technical security risks into
- business impact.
- Understanding regulatory requirements such as ISO 27001, ITAR, CMMC, SOX, and GDPR.
- Proven track record of working with cross-functional teams to drive security initiatives.

Physical Demands

- Duties are primarily performed in an office environment but may require occasional on-call availability and
- emergency response.
- Extended periods of sitting, as well as visual concentration on security dashboards, logs, and reports.

Typical Experience

- 6 - 10 years of experience in cybersecurity, IT security operations, or related fields, with a demonstrated
- history of technical leadership.
- Experience managing and responding to advanced persistent threats (APT), malware analysis, and insider
- threats.

Typical Education

- Bachelor's Degree in Computer Science, Information Security, or a related field
- Preferred Professional certifications:
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- OSCP (Offensive Security Certified Professional)
- CEH (Certified Ethical Hacker)
- GIAC Certifications (GSEC, GCIA, GCIH, etc.)
- Cloud Security Certifications (CCSP, AWS Security Specialty, Azure Security Engineer, GCP Professional Security Engineer)

---