Security Adminitrator

Job Overview:

This role will ensures the availability and reliability of any equipment/solutions/platforms categorized by perimeter, network, and endpoint security components not limited to firewalls, web application firewalls, intrusion detection and prevention systems, antivirus or antimalware (EDR/XDR) of ORIX Metro Leasing and Finance Corporation including administration of server(s) operating systems where these services are running. Ensure the availability and reliability of any equipment/solutions/platforms categorized by network equipment, not limited to switches, routers and gateway devices, in the absence of the network administrator.

Duties and Responsibilities:

• Adheres to the organization's policies, procedures, and standards.
• Creates, implements, and reviews plans following the organization's goals and objectives.
• Participates in technical research and development to enable continuing innovation.
• Reviews, identifies, and recommends enhancements to policies, procedures, and standards with other groups in the organization following best practices or existing frameworks not limited to disaster recovery and incident response plans.
• Participates in creating and reviewing disaster recovery and incident response plans, including testing and execution.
• Participates in disaster recovery and incident response plans tabletop, simulation, and actual exercises.
• Assists the department head in conducting a self-risk assessment to determine the controls or response required to lower the impact when realized to the acceptable level set by senior management.
• Performs asset discovery, identification of assets, risks and vulnerability assessment, and reporting.
• Identifies and create procedures to remediate an asset's weaknesses following the configuration and change process.
• Reviews plans and activities to be conducted by the Information technology data center and user's operations department if changes impact the infrastructure's availability, reliability, and integrity.
• Adheres to change management policies and procedures to lessen configuration mistakes that could lead to operational disruptions.
• Reviews and creates actionable items according to the observations provided by internal or external audit and information security office that affects non-production and production environment.
• Reviews and reports activities that resulted in an incident affecting availability and breach of data confidentiality and integrity.
• Guides and support the Information Technology Data Center and User's Operations Department and Information Security Office in containing and eradicating threats during a security incident.
• Coordinates and guides stakeholders on project deliverables to ensure statuses are up-to-date, and tasks are correctly followed on systems affecting the information technology enabled services.
• Consults and informs the immediate superior regarding enhancements or project activities that require his/her attention related to but not limited to incidents, problems, resources, or any information which requires the manager's attention.
• Manages vendor's day-to-day activities in supporting the organizations' operations.
• Conducts capacity management to ensure the availability and reliability of IT infrastructure.
• Manages server operating systems where security tools and services are running for him/her to perform his/her day-to-day tasks or deliverables.

Skill Competencies and Personal Attributes:

• Knowledge of Windows and Linux Operating System Administration
• Team player and process-oriented, able to work under pressure with knowledge in firewalls, web application firewalls, and endpoint security, including intrusion detection/prevention systems.
• Being certified in information security or related fields is a plus

Qualifications:

• Graduated with a BS in IT / Computer Engineering / ECE / Computer Science
• At least 4 years of experience in the organization with a large 24/7, mission-critical operations environment supporting enterprise systems
• At least 2 years' experience as a security engineer or administrator
• At least 1 year of experience as a security analyst
• Must be willing to work full-time on-site