SR. WINDOWS SECURITY ANALYST
Job ID: 503
Position Title: SR. WINDOWS SECURITY ANALYST
Working Location: Norristown, PA
Employment Status: Full-Time Regular
Required Experience: 5 years
Required Education: Bachelor's Degree
Travel Required: 0%
Job Description
GENERAL POSITION SUMMARY:
The Senior Analyst provides primary support for the security, configuration, operation and efficiency of the pool of Windows servers and clients currently at PJM. The Senior Analyst is the technical lead for evaluating the security of technologies which are implemented in the Windows environment. The Senior Analyst develops projects, processes, tools and documentation that assure the continued efficient operation of a major portion of the computing environment at PJM.
CHARACTERISTICS AND QUALIFICATIONS:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Required:
Bachelor's Degree or equivalent experience.
5 years' experience securing a Windows-based computing environment.
Strong familiarity with Windows 2000/2003 Server Security tools and policy design.
Experience with enterprise security tools and products.
Ability to conduct research and identify security vulnerabilities.
Experience with Windows 2000/2003 in an enterprise environment.
Experience with remote access technologies and products.
Ability to operate in a confidential environment.
Strong analytic ability.
Ability to manage the details of a project plan.
Ability to manage concurrent and differentiated tasks.
Excellent oral and written communication skills.
Ability to work in a team environment.
Willingness to learn new technologies.
Preferred:
Microsoft Certified Systems Engineer (MCSE).
Familiarity with ESM
Essential Skills
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Daily:
Responsible for reviewing the Failed Logins report for all servers and identifying any failed logins requiring investigation.
  o Server versus PC logins
  o Administrator or administrator-level accounts
Responsible for reviewing and evaluating the applicability and risk of announced vulnerabilities, patches and hot-fixes.
  o Determine scope, OS versus software, server versus client, internal versus external
  o Determine applicability and severity
  o Oversee the testing, implementation, and roll-out of required patches and hot-fixes or mitigation steps
Responsible for reviewing ArcSight Console.
  o Check for attacks against servers.
  o Check for suspicious activity from or to servers
  o Investigate items that warrant it
  o Respond to ArcSight alerts related to Windows servers.
Responsible for following up on items identified from Enterprise Security Manager (ESM) policy runs.
  o Determine corrective actions and plan for implementation
  o Implement fixes for items where reasonable
  o Coordinate corrective actions required when additional resources are needed.
Weekly:
Responsible for reviewing ESM policy runs.
  o Analyze policy reports, set precedent on fixing items identified.
      High priority – red items
      Medium priority – yellow items
      Low priority – green items
  o Identify and document corrective actions.
Participate in the Security Monitoring group
Member of the Cyber-Incident Response Team.
Other:
Responsible for overseeing the implementation of the controls required by the North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) Standard for the Windows environment.
Responsible for overseeing the remediation of vulnerabilities identified by an external penetration assessment.
Responsible for researching and analyzing software / industry changes that affect our security standards and procedures.
  o Determine scope, OS versus Software, server versus client, internal versus external exposure
  o Determine applicability and severity
  o Plan testing, implementation, and roll-out of required changes, whether updates, patches, manual configuration steps, etc.
  o Coordinate required changes, update documentation, standards and procedures
Responsible for researching vulnerability reports.
  o Determine scope, OS versus Software, server versus client, internal versus external exposure
  o Determine applicability and severity
  o Oversee testing, implementation, and roll-out of required changes, whether updates, patches, manual configuration steps, etc.
  o Coordinate required changes, documentation updates, standards and procedures
  o Assist with developing the framework and writing of standards and procedures for technologies within the Windows environment.
  o Oversee the maintenance of written standards and procedures to ensure our environment is kept secure
Oversee and participate in the writing and maintenance of written standards and procedures to ensure our environment is kept secure for: Document Server security, Document Workstation security, Document Server Application (IIS, Exchange, SQL Server, etc.) security,
Design ESM Policies to match Server security documentation
  o Based on delivered/existing policies, modify draft policies that will be converted to production policies to ensure compliance.
  o Create and update ESM templates to ensure valid checking is completed on servers to keep them in compliance.
REQUIREMENTS
(See Description)