[Hiring] Cyber Security Specialist @QCR Holdings, Inc.

Role Description

The Cyber Security Specialist is responsible for the implementation, administration and continuous improvement of the security solutions identified in the organization’s security program to ensure that all information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which the organization operates. This role is responsible for day-to-day security operations including supporting and maintaining a wide range of information security products that monitor and provide compliance across the digital assets owned, controlled and/or processed by the organization. The Cyber Security Specialist will work jointly with other cyber security team members and with other operational teams to coordinate, facilitate and effectively implement and maintain the compliance of the organization’s security policies and procedures.

• Administer security posture, identify and remediate vulnerabilities, perform threat modeling, implement threat protection, and respond to security incident escalations.
• Threat management, monitoring, and response using a variety of security solutions across the environment.
• Investigate, respond, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products.
• Implement and manage secure, trusted systems to ensure appropriate confidentiality, integrity, availability, safety, privacy and recovery of digital assets.
• Implement, manage and support secure network solutions to protect against advanced persistent threats.
• Implement, manage, monitor and upgrade security measures to protect QCRH data, systems and networks.
• Administer security technology and audit/intrusion systems related to Cloud Security, System Security, Application Security, Data Security, VPNs, IDS/IPS, Web-Proxy, Security Audits and more.
• Participate in the change management process to forecast the effects of change through potential scenarios and the security consequences on information resource changes.
• Test and identify network and system vulnerabilities to determine potential vulnerabilities that could be leveraged by a threat source.
• Identify and respond to threats including characterization and attribution of threats, creation and sharing of situational awareness, and development of mitigation strategies.
• Understand and interact with key stakeholders to ensure the consistent application of policies and standards across all technology projects.
• Provide clear risk mitigating directives for projects with digital technology components.
• Manage and maintain a framework for roles and responsibilities regarding information and master data ownership, classification, accountability and protection of digital assets.
• Build external networks consisting of industry peers, partners, vendors and other relevant parties to stay up to date on best practices.
• Partner with the architecture team to develop security architecture standards.
• Monitor security advisory groups and ensure necessary security updates, patches and preventive measures are in place.
• Comply with all company or regulatory policies, procedures and requirements applicable to this position.
• Foster and preserve a culture of inclusion.
• Additional duties and responsibilities may be required to support the company’s mission, vision and values.

Qualifications

• High school diploma or equivalent. Bachelor’s degree in management information systems, cybersecurity, computer programming or related field strongly preferred.
• Minimum three years of experience with Microsoft products in Cloud Security, O365, Azure AD, Azure Identities and governance, Identity and Access Management, Microsoft Azure Sentinel, Azure Information Protect, Cloud App Security, MS Defender, and Endpoint Security.
• At least one Microsoft security solution certification including Microsoft 365 Certified: Security Administrator Associate, Microsoft Certified: Security Operations Analyst Associate, or Microsoft Certified: Information Protection Administrator Associate.
• Highly vigilant and detail-oriented to effectively detect vulnerabilities and risks.
• Proven track record and experience in successfully executing programs that meet the objectives of excellence.
• Strong analytical and problem-solving skills with a proven ability to make decisions and lead through high-pressure situations.
• Strong track record of sound judgement and professionally handling highly confidential and sensitive matters.
• Knowledge of the latest trends and awareness of current hacking techniques and cybercrime.
• Excellent written and verbal communication skills, interpersonal and collaborative skills.

Requirements

• Experience with vulnerability scanning, reporting and management (Tenable), Enterprise password vaults, PKI, Application control, Network micro-segmentation.
• Experience working with CISCO Firepower 2120 Threat Defense, CISCO Firepower Management Center for VMware, CISCO ISE, ISCO Stealth Watch, CISCO Umbrella, CISCO AnyConnect Endpoint, and CISCO AMP Endpoint.
• Professional security certifications are desirable, such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP).
• Strong knowledge of web, mobile, and/or desktop application security vulnerabilities and countermeasures, including the OWASP Top 10.
• Knowledge of common information security and service management frameworks, such as ISO/IEC 27001, ITIL/ITSM, COBIT/ISACA, Cloud Security Alliance.
• Knowledge and understanding of the relevant legal and regulatory requirements for the Financial and Banking Industry relevant to FFIEC, PCI-DSS, SOC ½ and SOX.
• Experience with ITIL processes.

Working Conditions

Duties are performed in a professional office environment.

At QCR Holdings, Inc. we are committed to fostering and preserving a culture of inclusion and strongly believe that it's our differences - of all kinds - that make our company and our communities better and stronger.

QCR Holdings, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or other protected class status.

It is the policy of QCR Holdings, Inc. to comply with the Americans with Disabilities Act by providing reasonable accommodations to enable qualified individuals with disabilities to access the job application and interview process, to perform the essential functions of the job, and to receive equal access to other benefits and privileges of employment.