New Alcoa is looking for a Security Operations Specialist to ensure security, compliance and on-going effectiveness of enterprise information systems (websites, applications, databases, data centers, servers and networks, etc. are monitored, assessed, and defended. A secure IT infrastructure is the foundation of doing business. In a business environment where information security is key, the right infrastructure ensures high availability, scalability and efficient security.
This role will manage a security program including daily security operational support for all layers of IT infrastructure components.
The principal objectives of this position are to:
- Manage physical and environmental security controls to prevent unauthorized physical access, damage, and interruption to organization’s assets controlled within a data center environments
- Strengthen operational security processes to ensure security, privacy and resiliency are embedded in day-to-day activities
- Assess and improve hardening security controls enforcement (OS, database, middleware, network)
- Provide assistance for improving security controls in Web-based and other application software (secure design, secure coding, security testing, etc. )
- Assess and improve overall security architecture and network zoning
- Participate as an internal consultant to Alcoa’s infrastructure, applications, compliance and information security groups.
- Be accountable for security operations, ensuring compliance controls, monitoring and reporting;
- Perform periodic assessments, health checks & validations on the environment to identify and remediate any vulnerability supporting documentation of business cases and execution of action plans
- Assist in process improvement and automation of on-going compliance controls
- Engineer, maintain, resolve issues and administer various security-designated tools such as scanning, anti-virus, intrusion detection system, encryption, and web authentication
- Lead and participate on projects ensuring appropriate delivery of security controls, process and services.
- Participate in internal and customer projects assessing risk, ensuring optimum security controls , ensuring compliance with existing audit and security standards and performing security project tasks
- Respond to Customer Requests and Help Tickets, addressing security issues for all locations/regions
- Provide evidences and participate in Compliance Testing and Reporting for Global Data Centers and infrastructure supported
- Provide on-going consulting and support including customer request response, coordination, communication and implementing changes, and development and implementation of procedures and standards to enhance security delivery.
- Support technologic refresh activities making sure all controls will be in place for new infrastructure
- Provide guidance on how to ensure security controls covering all layers of IT infrastructure components supported
- Monitor and assess compliance by applying the prescribed tools, method and processes to monitor, analyze and report on compliance to Technical Security Specifications.
- Deploy security controls for new infrastructure or infrastructure turned-over for supporting
- Ensure applications hosted at global data centers / computer rooms (supported) meet security standards
- Ensure data centers are hosting infrastructure that meets all IT ASAT/SOX requirements
- Keep inventory of infrastructure supported updated and ensure governance process for on-going revision in order to make sure the whole environment is secure
- Keep inventory of account admins in the environment to ensure passwords have been changed, terminated accounts have been disabled, etc.
- Conduct technical studies and evaluations of business area requirements and recommends to IT management appropriate controls to ensure a secure environment
- Serves as escalation point for security issues in the enterprise infrastructure environment, support troubleshooting, provides guidance and direction in resolution of escalated issues and/or complex production, application or system problems.
- Serves as the first line of escalation support for security issues that cannot be resolved by tier one and two server support.
- Support decommissioning and turn-over of new infrastructure to be supported
- Create and maintain documentation of all security controls in place in the environment (installation, configuration, and appropriate troubleshooting steps).
- Ensure applications/infrastructure hosted on the cloud have secure controls
- Comply with all guidelines detailed in the IT ASAT/PSAT (with a specific focus on business partnerships, change control, disaster recovery, and security) for assigned area(s) of responsibility.
- Operate within Alcoa IS standards and conventions.
- Fosters collaborative relationships within and between organizations, project teams, customers, suppliers and peers, to identify and provide computer and business solutions to effectively and efficiently satisfy the data processing and information requirements of the business.
- Exhibits excellent verbal and written communications skills. Communicates and explains complex technical issues in an understandable way to the business and to the leadership of the organization.
- Leads selection and adoption of proper industry standards.
- Works with IT leaders, to develop/review technical strategies and ensure that technical programs are developed to carry out the strategies.
#LI-PM1
Basic Qualifications
- Bachelor’s degree in Engineering, Computer Science, Business, math or related field from an accredited institution
- Minimum of 8 years’ experience in IT security operations/ in Linux and Windows OS/Data Center and infrastructure environment/Database.
- Employees must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of Hire. Visa sponsorship is not available for this position.
Preferred Qualifications
- Knowledge in CyberArk, FireEye, RSA, PGP, Symantec Endpoint Protection (SEP)
- Knowledge of project management methodologies in order to be able to provide input to and technical contributions to projects managed by others.
- Knowledge of Network Security Fundamentals
- Experience with computer scanning tools
Job Type
Experienced
|
EmoticonEmoticon