Information Security Consultant

TEAM: INFORMATION TECHNOLOGY

PAY TYPE: SALARY

JOB OVERVIEW:

At NCCI, we’re looking for an Information Security Consultant to join our team in leading the design, implementation, and integration of advanced security operations solutions, including but not limited to Identity and Access Management, Threat Management (Vulnerability Management, SIEM, and Incident Response), Cloud Security across major platforms (OCI, Azure, and AWS), and Network Security. In this role, you’ll also provide technical security guidance to the Software Engineering and Infrastructure and support the Information Security Engineer and Architects in strategic planning, new tool selection, and process improvements.

WORK LOCATION:

This position will work in a flexible-hybrid environment. The selected candidate must live locally within a commutable distance to our Boca Raton, FL headquarters.

NOTE: NCCI will not sponsor applicants for work visas.

WHAT YOU’LL DO:

• Partner with various IT teams to create and maintain applicable security standards primarily for cloud environments such as Azure, AWS, and OCI; and participate in other security disciplines such as IAM, vulnerability management, and IT systems (Networks, Windows, Linux, Database, Endpoint) Security
• Maintain and implement incident handling plans as they relate to cloud incident response; participate in incident response activities and plan, coordinate, and perform security testing exercises such as pen testing and tabletop exercises, including cloud-based scenarios
• Develop strategies to improve efficiencies using automation and orchestration solutions (ie: infrastructure-as-code and cloud security automation) to reduce manual work that can be done programmatically
• Lead the creation and maintenance of documentation related to NCCI’s security framework, program, and standards where applicable to role, including cloud security architecture and control mappings

WHAT IT TAKES:

• Bachelor’s Degree
• 6 years experience in an intermediate-level Information Security role with proven expertise in multiple aspects of security and IT operations, including securing cloud or hybrid environments
• In lieu of the degree, additional work experience and/or trade school or applicable certifications would be acceptable
• Certification in at least one of the following: CISSP, SANS GIAC, CEH, or vendor specific certifications related to security disciplines such as cloud (ie: AWS, Azure, or OCI security certifications) 
• Advanced knowledge of:
  • Information Security concepts, principles, and practices
  • Cloud security across multiple disciplines including IAM, Workload Security, and Cloud Security Posture overall
  • Security aspects for multiple operating systems, networking technologies, encryption technologies, and applications
  • Network security technologies, such as Firewalls, VPN, IDS/IPS, etc.
  • Identity and Access Management, including Role Design, Campaign Design, Source System Integration, and cloud IAM services
  • Continuous monitoring principles, including threat management, SIEM, File and Database Activity Monitoring, and Incident Response in both on-prem and cloud environments
  • Multiple security domains inclusive of security management, access control systems and methodology, network security, cryptography, operations security, application and system development security, threat management, and incident response
  • Security control frameworks, standards, governance, and security best practices as applied to cloud and hybrid architectures
• Intermediate knowledge of:
  • Secure Coding principles
  • Scripting experience and programming language, such as PERL, Java, .NET, or scripting used for cloud automation (e.g., Python, PowerShell)
• Proven ability to:
  • Work independently with guidance in only the most complex situations
  • Be agile in learning, seek to excel, be curious and adaptable
  • Act as lead in managing security related projects and investigations including cloud security initiatives
  • Maintain a high level of professionalism and confidentiality
  • Work well under pressure
  • Solve complex problems, analyze information, identify and assess risks, and make tactical and strategic recommendations
• Excellent organizational, planning, written and verbal communication skills
• Strong client-facing skills with ability to handle and lead conversations with large technically diverse teams
• Organized, responsive, and highly thorough problem solver
• Experience driving measurable improvement in security operations and risk reduction within the organization including cloud risk reduction
• Excellent time management skills to aid in meeting specific goals and plans to prioritize, organize, and accomplish
• Ability to be on-call and work outside of regular business hours as needed
• An additional requirement for this role is the successful passing of a credit check review for the selected candidate

PREFERRED SKILLS AND EXPERIENCES:

• Additional advanced information security related certifications from SANS GIAC (Global Information Assurance Certification); ISACA, ISC2, etc.
• Hands-on experience securing cloud environments such as OCI, Azure, and/or AWS, including logging, monitoring, IAM, workload security, cloud security posture and cloud network security

WHAT YOU’LL RECEIVE:

• Work for the leader in workers compensation information providing data, insights, and tools for almost 1,000 insurance companies
• Competitive starting base pay plus a targeted annual performance bonus
• For local candidates: a phenomenal work environment, with perks including an onsite café, coffee shop, game room, fitness center, and employee activities and sports leagues to participate in
• Wonderful team of dynamic people to work with who are fun, caring, and friendly
• Positive work environment and culture that celebrates success and honors each other’s contributions to the team
• Fantastic benefits package and total rewards offerings

WHO TO CONTACT:

Zach Wierzba

Sr Talent Acquisition Specialist

zach_wierzba@ncci.com

EQUAL EMPLOYMENT OPPORTUNITY:

NCCI Holdings, Inc. is an Equal Opportunity Employer. It is our policy to provide equal opportunities to our employees (for example, in hiring, promotions, training) and to all job applicants, and to maintain a work environment free of discrimination on the basis of race, creed, color, national origin, marital and veteran status, gender, age, status as a qualified individual with a disability, religion, sexual orientation and gender identity or expression, genetic information, or any other basis prohibited by law. This policy applies to all employees and job applicants for employment.

We require a drug screen and background check. Smoke Free environment.