Primary Position Objective: As a Security Analyst, you will support CLIENT Identity Governance and Access initiatives as they relate to the user account lifecycle management and network resource access. This will include assisting the team with tickets, provisioning requests. access audits, to ensure that access granted to network resources are properly maintained and identifiable. The person selected for this position will also work with the team to ensure compliance with Sarbanes Oxley Controls, SANS CSC 16 controls, Payment Card Industry Compliance Requirements, ISO 27001 Controls as it relates to users access to AD.
- Education: Bachelor’s or Master’s degree in computer science, information systems, or related engineering field preferred
- Experience:1-3 years of experience required. Years of experience may take the place of the education requirement listed above
Required Skills/ years of experience needed:
- Proficient understanding of and hands on experience working with Active Directory (AD), especially AD groups.
- Powershell scripting, especially querying AD preferred.
- Knowledge and experience with RSA soft tokens preferred.
- Experience auditing AD groups, especially in determining what the AD group grants access to.
- Ability to manage large, high visibility projects
- Experience tracking and reporting metrics to management
- Advanced Spreadsheet analysis
- Must be able to communicate in a clear, concise, professional oral or written manner, to be understood by customers
- Ability to operate independently to provide domain area functional and technology expertise
- Basic foundation in information technology
- Strong problem-solving skills
- Basic understanding of Identity and Access Management concepts
- Experience liaising with other security and compliance teams on large enterprise projects
- Understanding of IT systems - Windows, Linux, Networking etc.
- Working knowledge of application and data security as well as end-user access management processes in a multi- platform environment (e.g., UNIX/ LINUX, Mainframe, Windows).
- Information Security Certifications preferred and can include: CISSP, Security+, CISA, CEH, GIAC Security Essentials etc.
- As part of a team, be mainly responsible for reviewing and managing access requests
- As needed, ensure compliance with Sarbanes Oxley Controls, SANS CSC 16 controls, Payment Card Industry Compliance Requirements, ISO 27001 Controls as it relates to users access to AD.
- As needed, assist users in navigating the approval process for access to resources governed through Active Directory.
- As needed, respond to inquiries/issues from end users related to lifecycle management requests
- As needed, assist in periodically reviewing inactive accounts (service, test, user etc.) and disabling them after performing due diligence.