Location: Chicago, IL
Required Basic Qualifications:
- Bachelor’s degree or equivalent practical experience
- Minimum 2 years’ experience administering systems security appliances and/or Unix/Linux environments
- Demonstrated ability to program or “script” in languages such as Python, Perl, PowerShell, or Bash
- Advanced knowledge of operating systems, network troubleshooting, and common applications
- Advanced experience troubleshooting and problem resolution
Preferred Basic Qualifications:
- Cloud administration experience (AWS/Azure)
- Demonstrated proficiency in Unix/Linux systems administration
- Experience developing custom automation for common system administration processes
- Experience administering Splunk, Elasticsearch, or other SIEM/analytics technologies
- Experience administering other security tooling such as IDS, Web Proxy, SIEM, WAF, HSM, and/or packet capture tools
- SOC/IR experience
The Security Administrator handles many aspects of information security systems management and operations. This includes day-to-day management of information security tooling, including support, installation, and maintenance of infrastructure components such as IDS, SIEM, WAF, HSM, and packet capture tools. Additionally, this role will work with other internal and external teams tasked with maintaining solutions relied upon by the security team. A secondary responsibility will be to assist with incident response and forensics activities.
Full administration and management of assigned technologies:
- Configure, maintain, and troubleshoot multiple technologies such as IPS/IDS, SIEM, WAF, HSM, geofiltering, packet capture, and network malware detection solutions
- Collaborate with other information security teams to mature our security portfolio
- Automate security functions wherever possible, including contributing to internally developed and/or open source security tools
- Administer, as assigned, key security technologies that are not managed by Information Security
- Oversee tooling managed by other internal and external teams or MSSPs, such as web proxies, endpoint AV, EDR, email filtering, and identity solutions
- Perform Tier 1 incident response and threat detection
- Provide on-call security support on a rotational basis
- Monitor MSSP vendors that provide operational support
- Define and deliver key operational and performance metrics for assigned technologies