Endpoint Security Team
The endpoint security team is responsible for ensuring the safety and security of all computers, mobile devices, servers and user accounts that connect to MUSC’s network.
Duties and Responsibilities
Anti-Malware / Anti-Virus
- Responsible for the end-to-end safety and security of the 24,000+ endpoint devices (15,000 computers, 8,000 mobile devices) on MUSC’s network
- Monitor System Center Endpoint Protection for viruses that cannot be cleaned automatically
- Help users install / uninstall System Center Endpoint Protection for Windows and Macintosh
- Shut down machines on the network that are infected with viruses. Provide infection information and remediation information to multiple groups
- Verify infected machines have been remediated and, if so, re-enable network access
- Remediate accounts that were accessed by outside intruders. This includes remediation for accounts breached by phishing emails or malware.
- Monitor for and provide remediation of malware outbreaks
- Monitor FireEye IPS / IDS for infected machines and take appropriate actions to remediate
- Monitor the SIEM for machine infections and compromised accounts
- Remediate infected machines
- Manage deployment of all patches, critical updates and service packs on a timely basis
- Deploy software and security updates to 11,000+ managed workstations and 2,000+ unmanaged workstations
- Troubleshoot issues with software and security updates on campus
- Manage the Secunia CSI / PSI environment (client deployment, policy creation and management and centralized monitoring)
Mobile Device Management / Two-Factor Authentication
- Mobile Device Management and Two-Factor Authentication support
- Set up and maintain Mobile Device Management settings and policies
- Deploy, support, monitor and maintain the MDM and 2FA environments and infrastructure
- Develop and support the PCI compliance desktop image
- Install / convert computers that process credit card payments to PCI machines on campus to protect banking and credit card data
- Troubleshoot PCI machine issues and issues with the Remote Desktop portion of the PCI machines.
Incident Investigation and Response
- Perform computer searches and Internet Explorer history searches when requested by HR / Legal.
- Help locate devices that are misconfigured with bad passwords for users who are getting locked out of accounts.
- Monitor email blocks and user-submitted suspicious emails for phishing and malware.
- Sinkhole known phishing links and malware links to protect on-campus machines from infection.
- Assist compliance in searching compromised accounts for PHI and PII.
- Copy hard drives for forensic purposes for any Legal / HR requests
- Help users install/uninstall and troubleshoot PGP encryption.
- Maintain encryption policies
- Maintain PGP encryption application and server
IT Security Evangelists
- Present to various organizations and groups on campus about IT security-related topics
- Educate repeat offenders whose machines are constantly infected
- Instruct users on how to use Filelocker.musc.edu to securely share files
- Maintain the EST website with up-to-date information and tools