Cyber Security Lead
The Cyber Security Lead conducts complex security-related assessments as part of the S.P. Richards (SPR) Information Security program and processes. Acts as the primary point of contact for all emergencies and security incidents. The Cyber Security Lead will be responsible for coordinating and communicating a timely and appropriate response impacting the SPR customers and all relevant stakeholders.
Work Hours: 8:00am-5:00pm
- Perform as a Leader for Security Engineering.
- Act as technical hands-on lead for Security Engineering/Operational Projects.
- Assist CSIRT in all security incidents and subsequent reporting
- Assess and modify procedures to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access, modification or destruction.
- Writes network security reports and makes recommendations.
- Ensures compliance with organizational security rules and standards.
- Prioritize remediation of gaps based on internal and external audits
- Prepares compliance reports/presentations by collecting, analyzing, and summarizing data
- Assist with monitoring and auditing of information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments and system monitoring reports
- Work with stakeholders to provide security solutions that support their business requirements
- Identify, develop, and implement mechanisms to detect security incidents in order to enhance compliance with and support of security standards and procedures in place.
- Conduct security risk assessments on new products and systems, periodic security risk assessments on existing systems and identify and/or recommend appropriate security countermeasures and best practices
- Respond to discovered security incidents by informing appropriate custodians, determining root cause, and identifying and executing remedial actions (if necessary) required to re-establish respective information system security
- Coordinate activities or engagements with loss prevention, interact with legal and law enforcement as required
- Lead a team of Security Engineers
- Trains and mentors engineers and others within the IT department.
- Bachelor’s degree in Computer Science, Engineering or related discipline with 5+ years of experience
- Minimum of 10 years of information systems security or related auditing experience
- Preferred certifications: CISSP, CEH, GSEC
- Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone
- Strong analytical, technical, and problem-solving skills
- Ability to work effectively, independent of assistance or supervision
- Innovative, creative, and extremely responsive, with a strong sense of urgency
- Willing to share knowledge and assist others in understanding technical and business topics
- Willingness to work outside of regular business hours as required, which can include evenings, weekends and holidays
- Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling)
- Working knowledge at a Network Security Engineering level with Firewall, F5 ASM, Proxy, and NAC (ISE) experience.
- Working knowledge of protocols and technologies such as TCP, UDP, SSL/TLS, SFTP, SMTP, DNS, DHCP.
- At least one technical certification related to a major platform (Microsoft, Cisco, F5, etc.)
- Ability to interpret information security data and processes to identify potential compliance issues
- Ability to quickly understand security systems in order to identify and validate security requirements
Preferred skills and capabilities
- Cloud security & architecture experience with most major cloud providers.
- Experience with performing vulnerability scans and assessments as well as computer forensics
- Familiarity with Governance Risk and Compliance models.
- Security Information and Event Management (SIEM) experience.
- A solid understanding of various firewalls, with actual experience in design, installation, configuration, and operation
- Knowledge of network protocols, data flows, and vulnerabilities within a TCP/IP environment
- Ability to perform network protocol analysis and raw data capture
- A solid understanding and knowledge of LDAP
- Knowledge of OWASP, ISO 27001/2, PCI-DSS
- Self-motivated, self-directed and shows attention to detail
- Works ethically and with integrity supporting organizational goals and values
- Displays commitment to excellence
- Completes work in a timely manner and meets deadlines
- Contributes to building a positive team spirit and treats others with respect
- Maintains confidentiality of information and uses information appropriately
- Exhibits sound judgment when making decisions and recommendations
- Fosters collaboration toward a common vision and shared goals
Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public. Must be able to communicate well with staff to ensure that all understand tasks, priorities, and schedules. Must be able to communicate well with end users/customers to help resolve issues.
Well versed in general PC hardware. Good working knowledge of PC operating systems, PC networking, and major PC software applications.
Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals. Ability to compute rate, ratio, and percent and to draw and interpret bar graphs.
Must be able to determine support requirements of proposed PC applications. Must have troubleshooting abilities to be the final escalation point for PC support issues.
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to finger, handle, or feel; reach with hands and arms; stoop, kneel, crouch, or crawl; and talk or hear. The employee must occasionally lift and/or move up to 50 pounds.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job the employee is regularly required to use hands to finger, handle, or feel; reach with hands and arms; talk or hear and taste or smell. The employee is frequently required to stand; walk and sit.
The employee is occasionally required to lift up to 50 pounds. The vision requirements include: close vision, distance vision, peripheral vision and ability to adjust focus.
The noise level in the work environment is usually moderate.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.