Junior IT Security Admin

Lutheran Social Services is currently seeking a Jr. IT Security Admin / Security Analyst to join our growing IT team. IT Security Analyst carries out security measures to protect the organization's computer networks and systems. This includes installing software, implementing firewalls, and evaluating process and procedures. The IT Security Analyst may be required to analyze, troubleshoot, and respond to to any breaches or issues. The IT Security Analyst will collaborate closely with the IT Help Desk, Application Developers, line-of-business analysts, and the Infrastructure team when problems arise to ensure they are resolved quickly and communications are promptly delivered to the appropriate parties.

This is a full-time, benefit eligible opportunity with hours primarily M-F, 8 AM - 5 PM. The role is anticipated to be onsite at our corporate office in West Allis, but may have the ability to move to a hybrid role after training is complete and 6 months in the role.

Essential Duties and responsibilities:

We seek a detail-oriented and proactive IT Security Analyst to join our dynamic Information Technology team. As an IT Security Analyst, you will safeguard our organization's digital infrastructure, identify and mitigate security risks, and ensure compliance with relevant security policies and standards. This role requires expertise in security technologies, a keen understanding of vulnerabilities and threats, and the ability to respond to and investigate security incidents.

Key Responsibilities:

• Security Monitoring: Continuously monitor and analyze security alerts, logs, and traffic to detect potential security incidents and vulnerabilities using current security tools.
• Incident Response: Investigate and respond to security breaches or incidents, including assessing the impact, mitigating risks, and performing root cause analysis.
• Risk Management: Assess and prioritize security risks, perform vulnerability assessments, and work with relevant teams to implement mitigation strategies.
• Security Architecture: Assist the Security Administrator in designing and implementing security architecture and infrastructure to ensure robust protection of systems, networks, and data.
• Threat Intelligence: Stay up-to-date with the latest cybersecurity trends, emerging threats, and vulnerabilities, and proactively apply this knowledge to strengthen the organization's security posture.
• Compliance and Policies: Ensure compliance with regulatory requirements and internal policies (e.g., HIPAA, CARF) and assist in preparing for security audits and assessments.
• Security Tools Management: Manage and maintain security tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), anti-virus software, encryption tools, and more.
• Collaboration and Training: Collaborate with cross-functional teams, including IT, legal, and compliance, to promote security awareness and ensure secure practices are followed across the organization.
• Reporting: Prepare regular reports on security incidents, vulnerabilities, and overall security status to management, ensuring clear communication of key issues and risk assessments.

PERKS:

• Public Service Loan Forgiveness (PSLF)
  
  
  
  • By being employed with LSS, which is a non-profit agency, you can be eligible for loan forgiveness under the Public Service Loan Forgiveness program.
  • Loans are eligible to be forgiven after 10 years of on-time and consistent payments through the income-based re-payment plan.
  • Assistance navigating the PSLF through Summer
  
  
  
  
• Medical/Dental/Vision Insurance
• Flex Spending for Dependent & Health Care
• Mileage reimbursement
• Paid Time Off
• 10 Paid Holidays
• Ability to Contribute to 403B
• LSS makes annual raises a priority for employees
• Calm Wellness App - Premium Access
• Early Earned Wage Access with UKG Wallet
• Employee Assistance Program
• Service Awards and Recognition

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Upon offer, candidates must successfully complete the necessary background, caregiver, medical and any other checks required, according to program requirements. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

EDUCATION AND/OR EXPERIENCE:

* 2-year degree in IT Security or related field required

* 2+ years of IT security experience required. Please see additional experience details in the skills/technology section below

* CompTIA Security+ certification preferred

CERTIFICATES, LICENSES, REGISTRATIONS:

Must have a valid driver's license and have reliable transportation to perform the essential duties of the role; a motor vehicle check (MVR) with a satisfactory driving record per the LSS Driver Safety Procedure is required, and ability to meet LSS auto insurance requirements.

LANGUAGE SKILLS:

Ability to communicate both in verbal and written format, effectively and efficiently in job. Ability to effectively present information to supervisor, leadership, senior management, project members, vendors, and other employees of the organization. Ability to communicate clearly, articulate goals and objectives fully. Must be able to adjust messaging and communication depending on audience.

SKILLS/TECHNOLOGY:

1. Network Security

• Firewall Configuration & Management: Ability to monitor and troubleshoot firewalls to control incoming and outgoing network traffic based on predetermined security rules.
• Intrusion Detection/Prevention Systems (IDS/IPS): Support and manage IDS/IPS tools to detect and prevent unauthorized access to networks and systems.
• Virtual Private Networks (VPNs): Support and managing VPNs to secure remote access and communications.
• Software and Applications: Experience in Microsoft Server administration, including Active Directory, and advanced skills in managing Server 2012, 2016, and 2019. Working knowledge in VMware virtualization technology and WhatsUp Gold.

2. Cryptography

• Encryption Technologies: Knowledge of encryption protocols like AES, RSA, and SSL/TLS to protect sensitive data in transit and at rest.
• Public Key Infrastructure (PKI): Understanding of PKI systems and how certificates and encryption keys are managed to secure communication.
• Hashing Algorithms: Familiarity with hashing algorithms (e.g., SHA-256, MD5) used for data integrity verification and password storage.

3. Operating Systems Security

• Windows Security: Proficiency in securing Windows-based systems, including group policies, user access control, and auditing tools.
• Endpoint Security: Experience with securing endpoints (desktops, laptops, mobile devices) through antivirus and endpoint detection.
• Software and Applications: Experience with Sophos or various other EDR solutions.

4. Security Information and Event Management (SIEM)

• SIEM Tools:

5. Vulnerability Management

• Vulnerability Scanning & Assessment: Proficiency in using tools like Nessus, Qualys, or OpenVAS to identify vulnerabilities within an organization's systems and applications.

6. Incident Response & Forensics

• Incident Detection & Analysis: Ability to recognize signs of security incidents, such as unauthorized access, malware infections, or data breaches.
• Root Cause Analysis: Investigation and identification of root causes of security incidents to prevent recurrence.

7. Threat Hunting & Intelligence

• Malware Analysis: Knowledge of how to analyze and reverse-engineer malware to understand its behavior and mitigate its impact.

8. Cloud Security

• Cloud Platforms Security: Knowledge of secure cloud environments and how to configure, manage, and support
• Software and Applications: Experience in managing Microsoft 365 admin center, focusing on security, compliance, and Intune areas. Then, other vendors may include but not limited to Barracuda, Cisco Meraki, and Ubiquiti.

9. Authentication & Access Control

• Multi-Factor Authentication (MFA): Advanced knowledge of MFA and how it relates to the security of user logins and sensitive systems.

10. Security Compliance & Frameworks

• Regulatory Compliance: Knowledge of security standards and accreditations such as HIPAA and CARF and how to ensure compliance.
• Security Frameworks: Knowledge of security frameworks such as NIST Cybersecurity Framework that will standardize security practices and assessments.
• Security Training: Experience with KnowBe4 security awareness training to educate employees on cybersecurity best practices.

TRAVEL: Ability to travel on day trips as required up to 25%. Some overnight travel may be required.

LSS is an Equal Opportunity Employer.