Overview
Primarily responsible for protecting a company's network and systems from cyber-attacks. This involves researching upcoming IT trends, creating contingency plans, reviewing suspicious activities, reporting security breaches, and educating the rest of the company on security measures.
Responsibilities
- Develops and implements the cyber security strategy for Lewis Energy Group using the NIST Framework. Maintain, monitors, responds, and tracks cyber security threats as published.
- Conducts weekly Penetration (Pen) Tests and tracks deficiencies as they are resolved utilizing Nessus. Works with IT Manager to coordinate resolution based upon the severity of the threat, current trends, and best practices.
- Coordinates with 3rd Party security organizations to audit and manage the state of cyber threat preparedness. Tracks 3rd party deliverables and makes recommendations with regards to vendor performance.
- Monitors versions of essential software, operating systems, network configurations, and tracks vulnerabilities for all unpatched versions. Responsible for patching operating systems and deploying updated versions of essential software.
- Maintained current system access control including Multi-Factor Authentication (MFA) via 365 or 3rd party programs, Active Directory, Access Control Lists, and Access Segmentation.
- Conduct cyber-forensic reviews of logs and network access including reports on potential breaches and attempts to penetrate Lewis Energy Group security. Utilize Microsoft Azure Sentinel to analyze all logs and develop workbooks for log investigation.
- Conducts and publishes results of phishing attacks to management. Tracks and completes all cyber security tickets in the help desk system.
Qualifications
Education and/or Experience
Two year associates degree or higher and minimum three years related experience.
Computer Skills
Deep understanding of network and device security.
Preferred Certifications include:
Certified Ethical Hacker (CEH)
Certified Information Security Manager (CISM)
CompTIA Security+
Certified Information Systems Security Professional (CISSP)
Certified Information Security Auditor (CISA)
Other Qualifications
Microsoft Certifications or Equivalent Experience. Basic understanding of NIST