Job description

At Alaska Communications, we’re committed to putting our team first, always being customer focused, having a can-do attitude, owning our results and always acting with integrity. This is what we hire for and what our team members exhibit each day. Want to make an impact with us? Position Summary The IT Security Administrator will be responsible for safeguarding Corporate Information Technology Department computer networks and systems. This role involves implementing security measures, monitoring network activity, and responding to security breaches. The ideal candidate will have a strong background in IT security and a proactive approach to identifying and mitigating risks. The IT Security Administrator will work closely with the IT Infrastructure and Operations Team, IT Applications Team, and Enterprise Security Office. Essential Functions Reasonable Accommodations Statement To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. Essential Functions Statement(s) • Responsible for development and implementation of IT security programs, including incident management and response plans. • Responsible for the development and documentation of IT security policies, processes, and practices. • Responsible for development and implementation of technical controls for regulatory compliance programs such as Sarbanes-Oxley, PCI DSS, CMMC and others • Deploy and integrate security monitoring and detection solutions for malicious activity for on premises and cloud environments. • Monitor and tune security monitoring and detection solutions. • Perform vulnerability scans, analyze results, document findings, and track corrective actions for on premises and cloud-based systems and applications. • Perform security audits, threat hunting, incident response exercises and other activities to improve security posture. • Perform security reviews of on premises and cloud-based network and account configuration deployments to identify security gaps or vulnerabilities and recommend and prioritize remediation actions. • Respond to security incidents, provide supporting information to the appropriate Teams, and provide guidance through containment and remediation. • Research and recommend emerging security technologies and tools to address current and future threats. • Conduct activities to raise corporate awareness of cyber security policies, activities, and threats. • Perform other duties not specified on this job description, as assigned. Position Qualifications Competency Statement(s) • Customer Focus - Take overall accountability for customer relationships. Ability to communicate with customers effectively, on a proactive basis, and manage the communication process. • Execution Discipline - Ability to make and meet commitments critical to the organization’s success, including routine administrative tasks. • Personal leadership - Demonstrate personal leadership in all aspects of work, lead by example, and demonstrate strong personal accountability and ownership. Staying focused on the end game - and managing all dials to get to the desired outcomes. • Business and Process Leadership - Understanding of business processes: a keen understanding of the sales process and associated metrics and measurement. A keen understanding of key telco processes (sales/service, ordering/service delivery, billing, customer support) and the ability to map processes and understand inter-linkages to each other and to the systems that support the processes. • Project Coordination Skills - Must process strong organization, planning, analytical and problem-solving skills. • Accountability - Ability to plan, organize, measure and coordinate multiple tasks to deliver against a capital and operating expense budget. • Communication Skills Written & Oral - Must have excellent oral and written communications skills. Able to succinctly describe the status of business. Skills & Abilities Education: Bachelor’s degree in an Information Technology related field. Equivalent education, experience, and training may be substituted for the degree requirement on a year-for-year basis. Experience • Minimum three (3) years of experience managing and implementing enterprise systems/networks with 2 years direct experience in an Information Security role to include incident response activities. • One of the following industry security certifications is required: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or equivalent industry recognized Security Professional certification such as Global Information Assurance Certification (GIAC) required. • Experience and knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management. • Technical proficiency with security-related systems and applications, especially Cloud (AWS, Azure or GCP based technologies), Firewalls, IDS/IPS, Vulnerability Assessment tools, Endpoint solutions, Proxy servers, Security Incident and Event Management Systems, Data Loss Prevention, Active Directory, Identity and Access Management and Permissions Management desired. • Experience in developing, documenting, and maintaining security policies and procedures. • Ability to work well under minimal supervision. Skills • Core Security Skills • Network Security: Understanding firewalls, VPNs, IDS/IPS, and secure network architecture. • Endpoint Security: Knowledge of antivirus, EDR (Endpoint Detection and Response), and hardening techniques. • Application Security: Familiarity with secure coding practices, OWASP Top 10, and code review tools. • Cloud Security: Experience with securing AWS, Azure, or GCP environments (IAM, encryption, security groups). • Identity and Access Management (IAM): Implementing least privilege, MFA, SSO, and RBAC. • Technical Tools and Systems • SIEM Tools (e.g., Rapid7, Splunk): For log analysis and threat detection. • Vulnerability Scanners (e.g., Rapid 7, Nessus, Qualys): To identify and assess system vulnerabilities. • Penetration Testing Tools (e.g., Metasploit, Burp Suite, Nmap): For ethical hacking and red teaming. • Security Automation (e.g., SOAR platforms, scripting with Python/Bash): To automate incident response and monitoring. • Incident Response and Analysis • Threat Hunting: Proactively searching for threats in logs and systems. • Digital Forensics: Collecting and analyzing evidence after a breach. • Incident Response: Creating and executing playbooks for security incidents. • IT Knowledge • Networking: TCP/IP, DNS, DHCP, routing, switching, and packet analysis (Wireshark). • Operating Systems: Deep understanding of Windows, Linux, and macOS internals. • Databases: Basic security practices for SQL and NoSQL databases. • Virtualization & Containers: Security in Docker, Kubernetes, and hypervisors like VMware. • Other Skills • Demonstrated proficiency working with the Microsoft Office suite, to include Word, Excel, PowerPoint, and Outlook. • Strong Knowledge of Security Frameworks (ISO 27002, NIST 800-53, COBIT, HITRUST) • Knowledge of security regulations and standards (HIPAA, HITECH, PCI, FISMA, CMMC, SOX etc.) Other Requirements: The successful candidate will have excellent oral and written communications skills and experience in presenting technical issues to a wide variety of audiences. In addition, the candidate must possess broad technical knowledge of current and emerging technologies used both within the corporate infrastructure We hope you’ll join us as we change lives through technology.

Requirements