What are the responsibilities and job description for the Data Security Administrator position at Vectorsoft?
Location: Hybrid work model in Peoria, IL; Nashville, TN; or Dallas, TX
Position's Contributions to Work Group:
- This role will enable us to retain our current headcount within the CSIRT organization and make effective use of the team's available time for product evaluations, automation process improvements, and similar work.
- Additionally, our team is planning to take on extra support responsibilities in 2026, which this resource will significantly aid.
Typical task breakdown:
- A typical day for a Threat Protection Team analyst usually revolves around monitoring and responding to security incidents, managing vulnerabilities, and collaborating with team members.
  - **Daily CSIRT Meeting:** The day often starts with the daily Cyber Security Incident Response Team (CSIRT) meeting. Analysts discuss ongoing incidents, share updates on previous cases, and prioritize tasks for the day. This is a crucial time for knowledge sharing and aligning on strategy.
  - **ServiceNow Queue Management:** After the meeting, the analyst checks the ServiceNow queues for new incidents or requests. This involves reviewing tickets related to security alerts, assessing their priority, and assigning them for investigation or resolution.
  - **Vulnerability Remediation:** The analyst reviews vulnerability reports generated by the CrowdStrike platform, prioritizes vulnerabilities by risk level and business impact, and coordinates with IT and development teams to address critical vulnerabilities.
  - **Incident Investigation:** Analysts spend a significant part of the afternoon investigating security incidents. This includes analyzing logs, reviewing endpoint data, and determining the scope of any breach or threat.
  - **Documentation and Reporting:** As the day wraps up, analysts document their findings and the actions taken in ServiceNow. They prepare reports for management and ensure that all incidents are properly logged and categorized for future reference.
  - **Follow-up Tasks:** Before finishing for the day, analysts follow up on any unresolved tickets and ensure communication with relevant stakeholders regarding ongoing remediation efforts.
- Support the Client's Endpoint Detection & Response (EDR) environment (including Linux/Ubuntu servers), Identity Management, and Vulnerability Management / Attack Surface Visibility / Response Actions environments.
- Promote automation for monitoring and remediating client health issues, monitoring EDR infrastructure, and remediating vulnerabilities, while aligning with Enterprise ITSM change and control procedures.
- Act as a liaison between Corporate Cybersecurity and our business partners to understand their operations and maintain global security processes, while building collaborative relationships and providing expertise, technical guidance, and security awareness as needed.
Interaction with team:
- Interacts with the team lead and takes on some additional support responsibilities.
- Team of 6 members
Work environment:
Hybrid work model
Education & Experience Required:
- A degree is nice to have (weighted somewhat more favorably).
- 1-3 years of experience; someone who is eager to learn and gain experience.
Technical Skills (Required):
- Cloud Services Knowledge / Experience
- Ubuntu Operating System Experience
- Experience configuring EDR host groups, prevention policies, and sensor policies
- Experience using and/or maintaining commercially available Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR) tools.
- Experience supporting kernel-level security solutions (such as EDR sensor drivers or kernel modules)
- Exposure to SQL, PowerShell or Python Scripting, Command Line Interfaces
- OS Administration: Windows, macOS (command line, services, data manipulation, installation, and system operation)
- Experience with security-relevant Windows/macOS frameworks and event logs
- Remote Administration Tools
- Help Desk/Break Fix/Desktop Support Experience
- Installing, removing, and troubleshooting MSI packages
- ServiceNow Experience
- Automation Solutioning & Experience
- Technical certifications: SANS (GIAC), CompTIA, or Microsoft