Responsibility: Perform and mature security operations of three (3) main areas: Cyber/logical, Physical, and Compliance so that they are well managed, documented, and efficient.???? Monitor and respond to alerts and events from systems like endpoint protection, IDS/IPS, & email security, SIEM, and cloud-native security services, and respond to various managed third-party security service providers.? Administer and maintain both physical and logical security systems and solutions.? Perform identity management functions for all systems and improve processes.? Work with IT staff to identify and mitigate security vulnerabilities and audit information security processes and procedures.? Assist with day-to-day physical security operations of a high-security manufacturing facility.? Develop, maintain, and report on security operations metrics.? Assist with Application Security operations such as threat modeling, SAST, DAST, SCA, and security vulnerability/bug management.? Assist with maintaining PCI compliance, including managing PCI DSS and PCI Card Production compliance and passing annual assessments performed by an external auditor/QSA.? Perform third-party risk management activities.? Assist with cyber/logical and physical security audits, review findings, and recommend and perform corrective actions.? Assist with performing incident response activities for any physical or cyber/logical security incidents, including containment, investigation, remediation, and reporting.? Assist with developing and implementing security awareness & training programs for the security guard staff, manufacturing personnel, developers, and company users.? Manage and evaluate security vendor relationships and technologies.?? Skills/Knowledge/Qualifications: Vulnerability/Threat Management? Endpoint Detection Response/IDS/IPS? PCI Standards? System Hardening? Data Loss Protection? Ability to work independently and make decisions regarding a high-security facility and IT environment.? Be able to work with cross-functional teams to meet security goals and requirements.? On-call and non-standard business hours work may be required.? Must be highly organized; security conscious; able to write quality, readable documentation; adhere to change management policy and procedures.? Experience in any of the following is a plus:?
Cloud Infrastructure? Access Control System Management (physical security)? Project Management? Compliance audit management? Ideal professional qualifications are Security+, Systems Security Certified Practitioner (SSCP), Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), SANS GIAC or other security-related certifications; and working experience with endpoint/email security, firewalls/IDS/WAF, vulnerability management, application security, and cloud infrastructure is desirable.?
Report this job Dice Id: ******** Position Id: 8212824
