Infrastructure & Security Assessor

Security and Infrastructure Assessors are responsible for auditing, investigating, and protecting the security and stability of our customers by providing accurate, concise, reports on compliance, security, and infrastructure. The Security and Infrastructure Assessor is tasked with providing technical expertise in all areas of network, systems, and infrastructure security. In this position the Security and Infrastructure Assessor must effectively correlate and analyze data gathered from both manual and automated scans within the context of a client’s unique environment to detect threats and mitigate IT Risk. This role will audit environments using documented procedures and industry best practices. The responsibilities for this position must extend to participating in multiple audits simultaneously.  The Security and Infrastructure Assessor must report all possible security vulnerabilities, potential breaches, attacks, threats, and evidence of compromise found during audits as well as any critical infrastructure issues that may lead to customer impacting outages or unexpected downtime.

Key Responsibilities:

• Performs initial analysis of customer environments.

• Safeguards information system assets by identifying and solving potential and actual security problems.

• Protects systems by evaluating defined access privileges, control structures, and resources.

• Completes written reports in compliance with current reporting procedures and policies.

• Ability to interact with and lead discussions with business executives and employees across different functions and lines of business.

• Effectively communicates investigative findings to non-technical and technical audiences.

• Ensuring the security and infrastructure technology provided by the organization is performing to optimal standards with customers.

• Gain knowledge of existing policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data.

• Maintain an awareness of industry challenges and advancements to add value to existing technologies and processes used within the team.

• Maintain knowledge of industry trends and current security and infrastructure practices by attending educational workshops and reviewing relevant publications on a regular basis.

• Effectively apply information security and infrastructure management theories and concepts to specific circumstances.

• Recognizes problems by identifying abnormalities/reporting violations.

• Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.

• Keeps users informed by preparing performance reports and communicating system status.

• Maintains quality service by following organization standards.

• Assists with additional audit domains as needed

• Effectively track time spent and keep accurate notes for work performed.

• Performs other related duties as assigned.

Skills and Qualifications*:*

• Ability to work independently and with a team

• Ability to write detailed, concise, and accurate reports

• Working knowledge of cybersecurity and infrastructure monitoring tools

• Working knowledge of end-point security tools

• Demonstrated experience learning new tools and standards

• Physical Security and Infrastructure auditing experience

• Excellent customer support and communication skills

Education and Experience:

• Bachelor’s degree in computer science, Information Systems, Accounting or equivalent education or work experience.
• Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
• Hands-on experience analyzing environments for Confidentiality, Availability, and Integrity Controls
• Experience with vulnerability scanning solutions.
• Proficiency with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, and RSA Security
• In-depth knowledge of architecture, engineering, and operations of enterprise information systems
• Experience in writing and preparing customer facing reports
• Understanding of mobile technology and OS (i.e. Android, iOS, Windows), VMware technology, Storage Area Networks, and Unix and basic Unix commands.
• Experience with Office 365 and Azure with a heavy focus on security-based functions and best practices.
• Preferred but not required: CISM, CISA, or any infrastructure/security-based auditing certification

Bridgehead IT is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: We are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Bridgehead IT are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. We do not tolerate discrimination or harassment based on any of the above characteristics.