Job Description
IT Security Specialist
Location: New York, NY
Duration: 12-Month Contract
Position Overview
We are seeking an experienced IT Security Specialist to enhance and maintain the security posture of enterprise IT environments spanning cloud, on-premises, and hybrid infrastructures. This role will focus on cybersecurity governance, risk management, vulnerability management, security operations, compliance initiatives, and security awareness while supporting continuous improvement across the organization's security program.
Key Responsibilities
Cyber Compliance & Governance
- Support compliance with security standards, regulatory requirements, and organizational policies.
- Maintain and update security policies, standards, procedures, and related documentation.
- Participate in internal and external security audits and assessments.
- Track remediation activities, risk acceptance documentation, and corrective action plans.
- Provide compliance reporting and status updates to leadership.
- Ensure new systems and integrations adhere to security accreditation requirements.
Risk Assessment & Management
- Conduct enterprise security risk assessments.
- Identify, evaluate, document, and prioritize security risks across infrastructure, applications, cloud environments, and endpoints.
- Develop and recommend risk mitigation strategies.
- Maintain risk registers, dashboards, and remediation tracking.
- Support vendor and third-party risk assessments.
- Prepare executive-level risk summaries and recommendations.
Vulnerability Management
- Perform vulnerability assessments and scans using industry-standard tools.
- Analyze findings and prioritize remediation efforts based on risk exposure.
- Coordinate remediation activities with infrastructure and application teams.
- Validate remediation through re-scanning and verification processes.
- Develop dashboards and reports to track vulnerability trends and remediation performance.
- Support endpoint vulnerability analysis and security posture reviews.
Security Operations & Monitoring
- Monitor systems and networks for suspicious activity and security events.
- Investigate security alerts and incidents.
- Conduct root cause analysis and implement corrective actions.
- Support SIEM operations, alert tuning, and log management activities.
- Stay informed of emerging cyber threats, vulnerabilities, and attack trends.
Endpoint & Infrastructure Security
- Support implementation and management of security controls including:
  - Firewalls
  - IDS/IPS
  - Endpoint Detection and Response (EDR)
  - Antivirus Solutions
  - Encryption Technologies
  - Identity and Access Management Controls
- Assist with endpoint hardening and security baseline reviews.
- Support operational security tasks across enterprise infrastructure.
Team Collaboration & Mentorship
- Mentor junior security personnel and provide technical guidance.
- Promote knowledge sharing and security best practices.
- Collaborate with infrastructure, application, cloud, and business teams.
- Support the growth and maturity of the cybersecurity program.
Security Awareness & Training
- Develop and deliver cybersecurity awareness programs.
- Conduct security training for technical and non-technical users.
- Support phishing awareness and security education initiatives.
- Promote a security-first culture throughout the organization.
Reporting & Executive Communication
- Develop and present reports covering:
  - Security Risks
  - Vulnerability Metrics
  - Compliance Status
  - Incident Trends
  - Remediation Progress
- Build dashboards and visualizations for leadership reporting.
- Communicate security findings and recommendations to executive stakeholders.
Required Skills
- Cybersecurity Governance and Compliance
- Risk Assessment and Risk Management
- Vulnerability Management
- Security Operations and Incident Response
- Endpoint Security and Infrastructure Protection
- Security Monitoring and Threat Analysis
- SIEM and Log Management
- Security Policy Development
- Security Awareness Training
- Executive Reporting and Dashboard Development
Preferred Technical Experience
- Vulnerability Management Platforms (Rapid7 or similar)
- Endpoint Detection and Response (CrowdStrike or similar)
- Firewalls, IDS/IPS, and Network Security Controls
- Cloud Security and Hybrid Infrastructure Security
- Security Frameworks and Compliance Standards
- Encryption Technologies and Security Protocols
- Risk Assessment Methodologies
- Security Monitoring and Incident Investigation
For more details, reach out at resumes@navitassols.com