Sr IT Security Administrator
Public Storage is recognized as one of America’s Best Large Employers in 2022 by Forbes and our employees have also voted us as a Great Place to Work, having Best Career Growth, ranked us in the Top 5% for Work Culture, and in the Top 10% for Diversity and Inclusion.
With more than 2,800 locations nationwide, Public Storage is the leader in the self-storage industry, and given our number of tenants, we may very well be the world's largest landlord. We've experienced unprecedented growth over the past four decades, and it's in no small part due to the dedicated team that has helped us become an S&P 500 industry leader, the country's largest real estate investment trust (REIT), and the most recognizable name in self-storage.
The Senior Information Security Administrator is a hands-on role that requires a high level of technical expertise. Our IT Security Administrator will be responsible for a broad range of tasks, including the day-to-day administration of cybersecurity tools and devices, as well as first-level and second-level support for security information and event management (SIEM). They will have a significant responsibilities for the security administration of a wide variety of IT systems across the enterprise, including support for various audit related activities.
The individual in this position interacts closely with product vendors and service providers, across our IT organization and with business departments. They will quickly adapt and gain In-depth knowledge of the various Public Storage operating systems and security applications, as well as a working knowledge of basic network protocols and tools.
- Performs user and access administration on designated systems and applications, in accordance with the defined policies, standards and procedures of the organization
- Performs system security administration on designated technology platforms, including operating systems, applications and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines
- Performs installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems
- Performs threat and vulnerability assessments, in some cases followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities.
- Applies patches where appropriate and, at the direction of the Manager, Cyber Security, removes or otherwise mitigates known control weaknesses, such as unnecessary services or applications or redundant user accounts, as a means of hardening systems in accordance with security policies and standards
- Locates and repairs security problems and failures
- Collates security incident and event data to produce monthly exception and management reports
- Performs normal and exceptional processing of user access and change requests, escalating such requests when appropriate
- Reports unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes
- Assists and trains junior team members in the use of security tools, the preparation of security reports and the resolution of security issues
- Develops and maintains documentation for security systems and procedures
- Researches, recommends, evaluates and implements cybersecurity solutions that identify and/or protect against potential threats, and respond to security violations
Event Management/SIEM Management
- Responds to and, where appropriate, resolves or escalates reported security incidents
- Monitors system logs, SIEM tools and network traffic for unusual or suspicious activity. Interprets such activity and makes recommendations for resolution
- Investigates and resolves security violations by providing postmortem analysis to illuminate the issues and possible solutions
Identity and Access Management
- Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained
- Administers and maintains end-user accounts, permissions and access rights for all systems
- Participates in infrastructure projects to develop, plan and implement specifications for network and distributed system security technologies in support of key information systems
- Assists in the management of firewalls, intrusion detection systems, switches and routers
- Downloads and test new security software and/or technologies
- Supports data encryption deployments, including key management
Risk and Control Assessment
- Implements or coordinates remediation required by audits, and document exceptions as necessary
- Performs system and application vulnerability testing
Threat and Vulnerability Management
- Research threats and vulnerabilities and, where appropriate, takes action to mitigate threats and remediate vulnerabilities
- Reviews, assess, and mitigate penetration tests and vulnerability assessments on information systems and infrastructure
- Recommends, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach
- Monitors security vulnerability information from vendors and third parties
- Maintains network security diagrams
- Supports cybersecurity architectural requirements
- Participates in cybersecurity working groups
- Minimum of 5 years of IT or network security experience:
- Bachelor's degree in information systems, or equivalent work experience
- Relevant Certifications from SANS or ISC2, such as CCNP, CISSP, CISM or GISP
- Knowledge of cybersecurity principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management
- Technical proficiency with security-related systems and applications
- Experience in developing, documenting and maintaining security procedures
- Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts
- Working technical knowledge of current systems' software, protocols and standards
- Strong knowledge of TCP/IP and network administration/protocols
- Excellent written and oral communication skills. Ability to present ideas in business-friendly and user-friendly language.
- Excellent interpersonal skills.
- Ability to make to define problems, collect data, establish fact and resolve problems. Ability to analyze, interpret and apply laws, rules and regulations to business practices.
All your information will be kept confidential according to EEO guidelines.