Security Analyst

Responsibility:

• Perform and mature security operations of three (3) main areas: Cyber/logical, Physical, and Compliance so that they are well managed, documented, and efficient
• Monitor and respond to alerts and events from systems like endpoint protection, IDS/IPS, & email security, SIEM, and cloud-native security services, and respond to various managed third-party security service providers.
• Administer and maintain both physical and logical security systems and solutions.
• Perform identity management functions for all systems and improve processes.
• Work with IT staff to identify and mitigate security vulnerabilities and audit information security processes and procedures.
• Assist with day-to-day physical security operations of a high-security manufacturing facility.
• Develop, maintain, and report on security operations metrics.
• Assist with Application Security operations such as threat modeling, SAST, DAST, SCA, and security vulnerability/bug management.
• Assist with maintaining PCI compliance, including managing PCI DSS and PCI Card Production compliance and passing annual assessments performed by an external auditor/QSA.
• Perform third-party risk management activities.
• Assist with cyber/logical and physical security audits, review findings, and recommend and perform corrective actions.
• Assist with performing incident response activities for any physical or cyber/logical security incidents, including containment, investigation, remediation, and reporting.
• Assist with developing and implementing security awareness & training programs for the security guard staff, manufacturing personnel, developers, and company users.
• Manage and evaluate security vendor relationships and technologies.

Skills/Knowledge/Qualifications:

• Vulnerability/Threat Management
• Endpoint Detection Response/IDS/IPS
• PCI Standards
• System Hardening
• Data Loss Protection
• Ability to work independently and make decisions regarding a high-security facility and IT environment.
• Be able to work with cross-functional teams to meet security goals and requirements.
• On-call and non-standard business hours work may be required.
• Must be highly organized; security conscious; able to write quality, readable documentation; adhere to change management policy and procedures.

Experience in any of the following is a plus:

• Cloud Infrastructure
• Access Control System Management (physical security)
• Project Management
• Compliance audit management

Ideal professional qualifications are Security , Systems Security Certified Practitioner (SSCP), Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), SANS GIAC or other security-related certifications; and working experience with endpoint/email security, firewalls/IDS/WAF, vulnerability management, application security, and cloud infrastructure is desirable.

Job Type: Full-time

Pay: $68,839.59 - $82,903.60 per year

Benefits:

• 401(k)
• Dental insurance
• Health insurance

Experience level:

• 6 years

Schedule:

• 8 hour shift
• Monday to Friday

Experience:

• Linux: 1 year (Preferred)
• Cybersecurity: 1 year (Preferred)
• Information security: 1 year (Preferred)

Ability to Commute:

• East Pittsburgh, PA 15112 (Required)

Ability to Relocate:

• East Pittsburgh, PA 15112: Relocate before starting work (Required)

Work Location: In person