The Job Details are as follows:
Discover. Innovate. Collaborate. Inform. A few words we use to describe a career at OCLC.
Technology with a Purpose. OCLC supports thousands of libraries in making information more accessible and more useful to people around the world. OCLC provides shared technology services, original research and community programs that help libraries meet the ever-evolving needs of their users, institutions and communities. With office locations around the globe, OCLC employees are dedicated to offering premier services and software to help libraries cut costs while keeping pace with the demands of our information-driven society.
The Associate Info Security Engineer is responsible for the monitoring and support of the security infrastructure and other security solutions within the enterprise. Protects computer assets by monitoring technical vulnerabilities and security monitoring tools, such as Intrusion and Malware Detection Tools. As well as identification and response to security and operational incidents as appropriate. Specific duties include running vulnerability scans, managing the work ticketing queue, and other duties as assigned.
The Associate Info Security Engineer will coordinate, develop, evaluate, implement, and administer security and compliance programs and policies. This person will be primarily responsible for ensuring that proper IT security and other requisite compliance/controls are applied to the technology systems in accordance with established policies, procedures, and standards.
- Run various security and privacy scans based on established procedures and processes.
- Suggest improvements for scan processes based on experience and feedback from other team members.
- Recommend security or privacy controls and corrective actions based on observation or scan results.
- Independently diagnose issues involved in any of our scanning processes.
- Provide incident response support by assisting the Security Team, or other responsible parties within OCLC.
- Share lessons learned, initial indicators of detection, and opportunities for strengthening detection capabilities.
- Produce monthly summary reports based on established procedures.
- Suggest improvements to monthly reporting based on observation and experience.
- Working knowledge of key information security related standards or guidelines, like OWASP, ISO 2700x series, Data Security and Privacy Acts, NIST 800-53, UK Security Essentials, and/or FedRAMP
- General understanding of application, network, operating system, and core infrastructure security concepts
- Additional certifications, i.e. Security+, CAP, CSSLP, SSCP, CCNA, PCCSA, AWS-CCP or equivalent certification, are a plus.
- Organization and planning: Ability to understand and determine priorities, effectively manage time, and develop work plans to accomplish tasks and/or projects
- Judgment and decision making: Ability to apply general rules to specific problems to produce answers that make sense
- Innovation and creativity: Ability to generate and translate ideas and adapt to change
- Teamwork: Ability to effectively participate and contribute as a member of a work group; ability to lead or follow others as appropriate to most effectively accomplish the goal or task at hand
- Communication: Ability to clearly organize and effectively convey information with the capability to motivate, develop, and mentor staff to optimize their performance
- Leadership: Ability to inspire others to work toward a common goal and reach their potential
- Ability to work under pressure: Ability to work concurrently on multiple initiatives in various stages, while maintaining attention to detail and managing deadlines