Cyber Security Vulnerability Analyst
The Cyber Security Vulnerability Analyst reports to the Information Security Officer and while you will have many responsibilities, your primary focus is to validate security controls and remediate vulnerabilities to protect critical client assets from cyber-attacks.
- Daily activities will center around hands-on security control penetration testing and performing vulnerability/risk assessments. Trust but verify is your mission.
- You will manage the employee security awareness/training program, 3rd party/cloud risk assessment program and you will own the IT Risk Registry.
- You will work with state-of-the-art vulnerability management, security awareness, and penetration testing technologies, using commercial and open source solutions.
- You will receive significant training – both daily hands on activities and SANS or other leading ICS and IT security training providers.
Essential Functions & Duties/Responsibilities
- Validate Critical Security Controls
- Actively validate current security controls including critical patches, security settings and rules are configured per the Cyber Security Policy. This includes both reporting and hands-on validation. 50% of the team member’s time
- Validate Critical Security Event Logging
- Actively validate all current security and detective controls are logging accurate information to the appropriate Freeport LNG centralized logging solution. This also includes both reporting and hands-on validation. 20% of the team member’s time.
IT Risk Assessments and IT Audits
- Manage the IT Risk Registry program.
- Lead IT risk assessment requests.
- Participate in moderate to highly complex projects to deploy new solutions ensuring security controls and risk management are documented and receive senior level approval early in the design process. 10% of the team member’s time.
Security Policy Management
- Manage all IT cyber security policies.
- Ensure the Client Cyber Security and related policies are updated and communicated to the organization as new threats emerge or new security controls are deployed. 10% of the team member’s time.
Security Awareness & Training
- Promote and manage the Client security awareness and training program.
- Plan and schedule monthly Learn and Lunch security events, quarterly security training and monthly targeted phishing campaign tests. 10% of the team member’s time
HSE Roles and Responsibilities
- Support the policies, efforts, and programs of Client Health, Safety and Environmental Management System.
- Actively participate in the HSE Management System Policies.
- Ensure that HSE concerns are given priority in all activities completed within their area of responsibility.
- Implement routine inspections to ensure safe operating conditions.
Working Conditions & Physical Expectations
- Primarily a typical office environment Stand and/or sit continuously and perform job functions for a full shift.
- Ability to move throughout all areas of the facility.
- Able to wear all necessary PPE equipment to perform job functions.
- Physically able to walk, stand, bend, stoop, kneel, reach, twist, lift, push, pull, climb, balance, crouch, handle and move items weighing up to 50 lbs. without assistance.
- Visual acuity corrected to perform job functions.
- Ability to distinguish color to perform job functions.
- Exposure to indoor and outdoor weather conditions.
- Possible exposure to hot, cold, wet, humid or windy weather conditions.
- Exposure to constant or intermittent sounds of a pitch level sufficient to cause marked distraction.
- Exposure to moving mechanical parts and electrical circuits
- 4 years of progressive IT experience, preferred IT cyber security experience
- 2+ years conducting IT security testing in a business environment
- Experience with vulnerability scanning and management solutions (Nessus, OpenVAS, etc.)
- Knowledge of current vulnerabilities and cyber threats
- Knowledge of operating systems including Windows, Linus, Unix and VMWare
- 2+ years of cyber security experience
- 2+ years of vulnerability management experience
- Experience with Metasploit
- Demonstrated desire to learn/expand areas of expertise
- Possesses a strong sense of urgency
- Possesses strong leadership skills and the ability to work effectively in a team environment
- Possesses excellent interpersonal skills, has the ability to coordinate and build effective relationships
- Possesses ability to prioritize workload. This role will involve significant multitasking.
- Understanding of Natural Gas/Liquefied Natural Gas/Natural Gas Liquids production, processing, distribution, business and marketing is a plus
- Plant-site experience is a plus
- Experience scripting with PowerShell, shell and python is a plus.