Security Administrator?

Remedymp

Have anyone here ever worked in a role such as this below:

The ideal candidate would have working knowledge of configuring network equipment in accordance with various government regulations and be able to detect and deter unauthorized access.
Should be familiar with configuring network of Windows Domain Controllers and workstations in order to configure for various Government system hardening regulations. Experience with UNIX Based systems a plus.
Must have technical background and ability to interpret and implement various government directives to ensure systems are properly managed & secured. Knowledge of Risk Management Framework (RMF) methodologies is desired.
Be able to perform activities such as auditing, hardening (securing), account creation, etc… in domain environment, including Operating Systems and Network configurations.
Assist in the evaluation of security solutions to ensure they meet security requirements for processing classified information.
Conduct reviews and technical inspections (as directed by the ISSM) to identify and mitigate potential security weaknesses, and ensure that all security features applied to a system are implemented and functional.
Assess changes in the system, its environment, and operational needs that could affect the accreditation.
Strong knowledge preferred with NISPOM & ODAA Manuals, with knowledge of and be able to determine controls applicable to the systems, and documents implementation.

Any opinions on this?

infoscrub

Sounds like the company has a govt contract and you will be keeping a system compliant to all the NIST and DISA guidance and do whatever is required to have the system pass accreditation.

markulous

Kind of an odd description. They make it sound like a JOAT security/sys/net admin role with no real segregation of duties.

Remedymp

I currently work in Incident Response and am not sure if this would be a lateral move or an actual vertical leap for me. Salaried offered: $80k.

Danielm7

infoscrub wrote: »

Sounds like the company has a govt contract and you will be keeping a system compliant to all the NIST and DISA guidance and do whatever is required to have the system pass accreditation.

Yep, there is a lot of assisting, overseeing, reviewing, etc in there.

Remedymp

Danielm7 wrote: »

Yep, there is a lot of assisting, overseeing, reviewing, etc in there.

In other words, it's boring?

si20

A friend of mine got a job which involves "hardening servers etc" - there's only so much hardening you can do. Firewall, SIEM, strong passwords, patching etc. My friend said that he often has to do documentation and non-technical admin work because there's nothing to harden - the previous person who did the role had secured the systems as much as possible. All he needs to do is check the patch level once a month.

Remedymp

si20 wrote: »

A friend of mine got a job which involves "hardening servers etc" - there's only so much hardening you can do. Firewall, SIEM, strong passwords, patching etc. My friend said that he often has to do documentation and non-technical admin work because there's nothing to harden - the previous person who did the role had secured the systems as much as possible. All he needs to do is check the patch level once a month.

Sounds like a lateral move for me then. Although it pays 5% more.

beads

Security Administrator = entry level and likely very much a JOAT.

- b/eads