Security Analyst - Pittsburgh, United States - Careerbuilder-US

    Careerbuilder-US
    Careerbuilder-US Pittsburgh, United States

    Found in: Appcast US C2 - 1 week ago

    Careerbuilder-US background
    Description

    Responsibility:
    • Perform and mature security operations of three (3) main areas: Cyber/logical, Physical, and Compliance so that they are well managed, documented, and efficient.????
    • Monitor and respond to alerts and events from systems like endpoint protection, IDS/IPS, & email security, SIEM, and cloud-native security services, and respond to various managed third-party security service providers.?
    • Administer and maintain both physical and logical security systems and solutions.?
    • Perform identity management functions for all systems and improve processes.?
    • Work with IT staff to identify and mitigate security vulnerabilities and audit information security processes and procedures.?
    • Assist with day-to-day physical security operations of a high-security manufacturing facility.?
    • Develop, maintain, and report on security operations metrics.?
    • Assist with Application Security operations such as threat modeling, SAST, DAST, SCA, and security vulnerability/bug management.?
    • Assist with maintaining PCI compliance, including managing PCI DSS and PCI Card Production compliance and passing annual assessments performed by an external auditor/QSA.?
    • Perform third-party risk management activities.?
    • Assist with cyber/logical and physical security audits, review findings, and recommend and perform corrective actions.?
    • Assist with performing incident response activities for any physical or cyber/logical security incidents, including containment, investigation, remediation, and reporting.?
    • Assist with developing and implementing security awareness & training programs for the security guard staff, manufacturing personnel, developers, and company users.?
    • Manage and evaluate security vendor relationships and technologies.??
    Skills/Knowledge/Qualifications:
    • Vulnerability/Threat Management?
    • Endpoint Detection Response/IDS/IPS?
    • PCI Standards?
    • System Hardening?
    • Data Loss Protection?
    • Ability to work independently and make decisions regarding a high-security facility and IT environment.?
    • Be able to work with cross-functional teams to meet security goals and requirements.?
    • On-call and non-standard business hours work may be required.?
    • Must be highly organized; security conscious; able to write quality, readable documentation; adhere to change management policy and procedures.?

    Experience in any of the following is a plus:?

    • Cloud Infrastructure?
    • Access Control System Management (physical security)?
    • Project Management?
    • Compliance audit management?

    Ideal professional qualifications are Security+, Systems Security Certified Practitioner (SSCP), Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), SANS GIAC or other security-related certifications; and working experience with endpoint/email security, firewalls/IDS/WAF, vulnerability management, application security, and cloud infrastructure is desirable.?