Security Administrator

Job Title: Security Administrator

Classification: Exempt

Department: IT

Reports to: IT Director

Job Summary

The Security Administrator will be responsible for ensuring the security of PHSU’s information systems through the implementation, monitoring, and management of various cybersecurity tools and processes. This role involves collaborating with the IT Director to develop and enforce IT security policies and procedures, as well as overseeing user and email account management. The Security Administrator will also play a key role in maintaining Active Directory, managing folder and file permissions, and conducting cybersecurity awareness training.

Key Responsibilities:

1. Cybersecurity
   • Utilize SIEM tools such as AT&T MTDR to monitor for security threats and anomalies.
   • Conduct weekly meetings with the SOC to discuss security incidents and responses.
   • Manage and monitor Symantec Endpoint and Data Security Plus for threat detection and data protection.
   • Implement and manage security policies in Office 365 Defender for anti-phishing, anti-spam, DLP, and safe links.
   • Ensure compliance with security standards, referencing frameworks such as NIST 800-171, and the IT security policies.
   • Engage in regular meetings with security auditors to review and discuss compliance requirements, audit findings, and recommendations for enhancing security measures.
   • Maintain and upgrade all security solutions.
   • Track database and systems vulnerabilities.
   • Design and carry out new security measures once potential security risks have been determined.
   • Design a proactive plan of action against security breaches.
   • Test information resources to ensure security mechanisms function properly.
   • Collaborate with security auditors to address any identified vulnerabilities or areas for improvement.

• Build monthly reports about the state of the security of all systems, security threats, incidents, solutions, and projects to harden the security, among other security matters.

1. User & Email Accounts
   • Set up Windows user and email accounts for faculty and staff.
   • Implement MFA in Azure AD for enhanced account security.
   • Manage user accounts and licenses in the Office 365 Admin Center.
2. Active Directory On-Prem & Azure AD
   • Create and maintain AD objects such as user accounts, security groups, and OUs.
   • Perform quarterly account reviews to ensure compliance.
   • Maintain a well-organized AD structure, including OUs, security groups, computers, and servers.
3. Folders & Files Permissions
   • Grant and revoke permissions for user home folders and department-shared folders on local file servers.
   • Review and refine access permissions regularly to ensure users have only the minimum permissions necessary to perform their job functions.
   • Implement encryption mechanisms for sensitive files and folders to protect data at rest. Encryption adds an extra layer of security, especially for files containing confidential information.
   • Regularly audit file permissions to identify and remediate any misconfigurations or unauthorized access. This proactive approach helps maintain the integrity and security of file systems.
   • Educate users on best practices for managing and accessing files and folders securely.
4. Cybersecurity Awareness
   • Manage cybersecurity awareness training using ERM Protect.
   • Review and select training materials aligned with security policies and best practices. Ensure users complete the assigned training and generate reports on training progress.
5. Remain Up-to-Date on Relevant Technology
   • Stay informed about advancements and updates in technology relevant to the assigned tasks.
   • Actively participate in professional development opportunities, including workshops, webinars, and conferences, to enhance knowledge and skills.
   • Regularly research emerging technologies and best practices to identify opportunities for improvement and innovation.
   • Evaluate new tools, software, and solutions that could enhance efficiency, security, and user experience within the IT environment.
   • Pursue relevant certifications or training courses to deepen expertise in key technologies and stay current with industry standards.

Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• Relevant certifications such as CISSP, CompTIA Security+, or equivalent.
• Minimum of 3-5 years of experience in information security or a related field.
• Experience with cybersecurity tools such as SIEM, endpoint protection, and data loss prevention.
• Proficiency in Active Directory management and Office 365 administration.
• Strong understanding of security standards and frameworks (e.g., NIST, ISO).
• Excellent communication skills with the ability to communicate security matters effectively to technical and non-technical stakeholders.
• Strong problem-solving skills and attention to detail.
• Familiarity with regulatory requirements such as HIPAA and FERPA.
• Experience with security awareness training platforms.
• Ability to adapt to evolving security threats and technologies.
• Demonstrated commitment to ongoing learning and professional development, with a proactive approach to remaining current with advancements in technology relevant to the responsibilities of the role.

 

Supervisor Responsibility

This position has no supervisory responsibilities.

 

Work Environment

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, and filing cabinets. This position involves sitting at a desk for long periods of time. This position works in an environment with moderate noise levels. (Examples: business office with computers and printers, light traffic.)

Physical Demands

The physical demands described here are representative of those that an employee must meet to perform the essential functions of this job successfully. While performing the duties of this job, the employee is regularly required to talk and hear.  The employee must regularly lift and/or move up to 10 pounds, frequently lift and/or move up to 25 pounds, and occasionally lift and /or move up to 50 pounds. This position requires standing, walking, bending, kneeling, stooping, crouching, crawling, and climbing all day. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.

Position Type/Expected Days of Work

This is a full-time position. Days and hours of work are Monday through Friday; availability to work nonstandard hours and weekends if needed.

 

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time, with or without notice.

All those interested please send your resume to jobs@psm.edu & yesantiago@psm.edu