ITnova Consulting

Network Security Specialist

Website ITnova, LLC

Analyzes and defines security requirements. Designs, develops, engineers, documents, and implements solutions to MLS requirements. Gathers and organizes technical information, as directed, about the agency’s data and network security needs, existing security products, and ongoing programs in the MLS arena. Performs risk analyses, which also includes risk assessment. Implements solutions for projects such as Secure remote access, VPN, Intrusion detection, port scanning, web security and vulnerability assessments and remediation.

1. Management of and timely response to web help desk tickets (expectation is a ticket is responded to within 24 hours of receipt on a non-urgent issue, urgent issues should be followed up on immediately and, if travel is involved, response within 4 hours).
2. Review security logs, audit data and take required actions.
3. Identify points of vulnerability, non-compliance with established IA standards and regulations and recommended mitigation strategies.
4. Monitor and provide initial response for security alerts per procedure; escalate network and server infrastructure alerts per MDSP procedures
5. Perform regularly scheduled penetration testing
6. Escalate issues to CISO, ITD Deputy Director, and ITD Director when necessary, according to Agency procedures
7. Participate in security incident response activities with senior staff when required
8. Attendance at MSP ITD meetings (as required)
9. After-hours support (as required)
10. Communication with stakeholders impacted by system changes, security patching, configuration updates, etc.
11. Mentors less-experienced team members.
12. Status reporting

Education: A Bachelor’s Degree from an accredited college or university with a major in Computer

General Experience:
This position requires a minimum of six (6) years of experience in analysis and definition of security requirements.
At least four (4) years of IT experience in data security analysis and risk mitigation within the most recent 5-year period.

Specialized Experience:
At least four (4) years of specialized experience in defining computer security requirements for highlevel applications, evaluation of approved security product capabilities, and developing solutions to MLS problems.
One or more of the certifications below are a plus:
 CompTIA Security+ Certification
Certified Information Systems Security Professional (CISSP)
 GSEC (GIAC Security Essentials Certification)

Experience with some of the technologies and methodologies detailed below:
 Access control
 Anti-malware software
 Anomaly detection
 Application security
 Data loss prevent (DLP)
 Email security
 Endpoint security
 Firewall management
 Intrusion prevention systems
 Network segmentation
 Security information and event management (SIEM)
 Virtual private network (VPN)
 Web security
 Wireless security
 Cloud security