Senior Cybersecurity Analyst
IT- Other
Newark, DE | Direct Hire | Aug 7, 2024
SENIOR CYBERSECURITY ANALYST opportunity!

Overview:

Our client, a Delaware-based water company, is seeking a Sr. Cybersecurity Analyst to join their growing team! This exciting role is a Direct Hire opportunity. Our client is seeking an individual local to their Newark office so they can work onsite 5 days a week. This position is not offering sponsorship at this time.

Job Summary: 
This position is responsible for ensuring the security and integrity of all company computer related equipment and networks. This position requires deep expertise in cybersecurity frameworks, controls, threat detection, incident response, vulnerability management, and network security within a hybrid IT/OT environment. The position is responsible for monitoring the changing threat landscape, monitoring compliance with security policies and practices, and both proactively and reactively responding to technology-based threats.

Responsibilities: 
Plan and Develop Security Posture
  • Anticipate and identify security needs implementing new processes, enhancements, applications, and services.
  • Administer a security portfolio supporting: Authentication, Authorization, Domain Services, Auditing, Logging, and Security for the Perimeter, Edge, Core, Endpoint devices, and their respective components
  • Administer, maintain and implement security monitoring tools across the enterprise
  • Propose policies, procedures, and technology to proactively address threats, trends, and findings from monitoring activities
  • Monitor security requirements and compliance across technology systems in all phases of the system life cycle.
Maintain and Develop the Cybersecurity and Information Security programs
  • Assure the use of approved methodologies for security initiatives
  • Monitor and maintain success criteria metrics for all security initiatives
  • Administer the organization’s penetration and vulnerability assessment program and audits
  • Administer the organization’s training on information security, cybersecurity, and security awareness
  • Administer and monitor the organization’s phish campaigns.
  • Implement, administer, and maintain networking and cybersecurity-related equipment, software, and services
Monitor and Respond to Threats
  • Implement and administer appropriate technology and services to ensure the ability of the organization to prevent and respond to technology security threats
  • Develop and administer solutions to monitor, enforce, and remediate compliance with organizational technology security policies, goals, and objectives
  • Evaluate and monitor technology activities to ensure that security safeguards are appropriately installed and configured. Perform remediation where necessary.
  • Conduct regular vulnerability assessments to identify cybersecurity gaps and areas for improvement throughout the organization
  • Prioritize and remediate vulnerabilities, collaborating with others where appropriate
  • Analyze logs from various sources (firewalls, IDS/IPS, servers) to detect and respond to security events
  • Develop and refine SIEM rules and use cases to improve detection accuracy
  • Perform proactive threat hunting to identify and mitigate potential threats
  • Participate in efforts to ensure the organization’s ability to recover from and respond to potential security risk events
  • Monitor, evaluate, and respond to cybersecurity related alerts from both internal and third-party sources
Plans and Develops Application Roadmap & Project Schedule
  • Assure the development of, and adherence to, a roadmap and lifecycle for the portfolio
  • Propose and execute projects and priorities according to strategic and tactical imperatives
Assure Compliance with Security Policies and Practices
  • Ensure the organization’s compliance with policies, guidelines, procedures, and regulations
  • Identify and remediate security incidents and/or noncompliance with policies
  • Develop and lead internal/external security risk assessment processes, including developing assessment criteria and methodology, reporting, and responses to findings. Develop, evaluate, and execute remediation plans where necessary.
  • Evaluate proposed purchases, projects, and changes to the technology environment to ensure appropriate technology security requirements are included in the statements of work, procurement documents, and implementation plans.
  • Administer and execute the periodic cybersecurity assessment program for vendors
  • Monitor and enforce segregation of duties and appropriate use of privileged accounts within the technology stack.
  • Comply with and support activities initiated by Audit personnel
  • Prepare and draft responses to audit and security assessments
  • Implement approved audit and assessment recommendations
  • Develop, track, and ensure that plans of actions, milestones, and remediation plans are in place for identified vulnerabilities
Assures the Company’s Risk is Managed and Minimized
  • Ensure adherence with contractual obligations, licensing terms, manufacturer requirements, and best practices based on published authoritative guidance
  • During contract discussions, negotiate favorable business terms on behalf of the company
  • Implement redundancy/resiliency in application and services
  • Assure that proper records and documents are created, maintained, and recoverable
  • Participate in review, enhancement and exercising of the Incident Response Plan

Required Skills and Experience:
Bachelor’s Degree in Computer Science, Information Technology, or related discipline from an accredited college or university, with a minimum of five years of experience in Technology security, or equivalent combination of education and experience. Professional certifications such as CISSP, CEH, or equivalent. Working knowledge of security, networking, and Technology Infrastructure related concepts, as well as common technologies and tools that support the latter. Knowledgeable in Linux, Windows server and desktop OS, Active Directory, virtualization platforms, backups/disaster recovery, file systems, email server administration, databases, and enterprise scale applications.
ADDITIONAL REQUIREMENTS:
Experience:
  • Leading the design and implementation of all aspects of technology security
  • Leading and executing complex initiatives
  • Managing compliance with policies, regulatory requirements, licensing, and contracts
Skills:
  • Time and risk management/prioritization
  • Independent production
  • Complex research, problem solving & analysis
  • Verbal, written and interpersonal communication with management
Specialties:
  • Security controls and frameworks (CIS/CSF)
  • Vulnerability Scanning
  • Endpoint Detection and Response
  • Firewalls
  • Security Information and Event Management
  • Identity and Access Management
  • Multifactor Authentication
  • Active Directory Security
  • Technology Networking
  • Zero Trust Architecture
The ability to manipulate a keyboard is necessary for on-line communications, measurement and maintenance of systems. Speaking, writing and reading are required for communications with other personnel; development of system documentation for standards, disaster recovery plan and special instructions; system measurement analysis and interpreting daily statistics. Visual acuity is required for analyzing system performance and monitoring daily statistics. Advanced thought processes and learning abilities are required to permit the development of plans and courses of action from complex alternatives.
