Perennial Resources International - New York, NY

posted about 2 months ago

Full-time
New York, NY
Sporting Goods, Hobby, Musical Instrument, Book, and Miscellaneous Retailers

About the position

The Lead Cybersecurity Analyst is a pivotal role within the organization, responsible for spearheading the implementation of cybersecurity controls and ensuring the integrity of the organization's information systems. This position requires a proactive approach to managing cybersecurity projects, developing reporting dashboards, and maintaining metrics that reflect the effectiveness of security measures. The Lead Cybersecurity Analyst will serve as the primary point of contact for conducting periodic vulnerability assessments and coordinating remediation activities with both internal teams and external partners. This role is essential in fostering a culture of cybersecurity awareness and vigilance across the organization.

In addition to leading the implementation of cybersecurity controls based on the NIST framework, the Lead Cybersecurity Analyst will continuously measure the effectiveness of these controls and work collaboratively with vendors, carriers, and IT teams to troubleshoot existing security measures and implement new ones. The analyst will also lead cross-functional efforts to develop and maintain cybersecurity alerts, ensuring that the organization is prepared to respond to potential threats.

The role encompasses incident response and forensics, where the analyst will monitor and analyze cybersecurity events, coordinate incident response efforts across on-premises and cloud environments, and conduct digital forensics investigations to identify root causes of security incidents. Collaborating with the VP of IT, the Lead Cybersecurity Analyst will help develop and maintain the Incident Response plan, ensuring that the organization is equipped to handle cybersecurity incidents effectively.

Furthermore, the analyst will validate and identify risks associated with system integrations, assist in evaluating new software and SaaS platforms for compliance with cybersecurity best practices, and provide expertise in the integration and engineering of security platforms. A key responsibility will be to develop and deliver comprehensive cybersecurity awareness training programs, including regular phishing email exercises to enhance employee vigilance. The analyst will also assess the cybersecurity impact of all changes through participation in the Change Control process, contributing to a culture focused on control effectiveness and risk reduction. The Lead Cybersecurity Analyst will be on call 24/7 for urgent cybersecurity issues, demonstrating the critical nature of this role in safeguarding the organization's information assets.

Responsibilities

  • Serve as main point of contact to plan and conduct periodic vulnerability assessments.
  • Coordinate remediation activities with partners and internal teams.
  • Project manage cybersecurity initiatives.
  • Lead implementation of cybersecurity controls based on NIST framework.
  • Continuously measure effectiveness of cybersecurity controls in place.
  • Work with vendors, carriers, and other IT teams to implement new security controls and troubleshoot existing controls.
  • Lead cross-functional effort to develop and maintain cybersecurity alerts.
  • Monitor and analyze cybersecurity events.
  • Coordinate with partners and internal teams as needed for incident response.
  • Lead Incident Response efforts across on-premises and cloud environments, including containment, eradication, and recovery activities.
  • Conduct/participate in digital forensics investigations to analyze security incidents and identify root causes.
  • Collaborate with VP of IT to develop and maintain Incident Response plan.
  • Validate and identify risks associated with system integrations.
  • Assist evaluation of new software and SaaS platforms for cybersecurity best practices.
  • Provide expertise in integration and engineering of Security platforms.
  • Develop and deliver comprehensive cybersecurity awareness training programs.
  • Conduct regular phishing email exercises to test and improve employee vigilance.
  • Assess cybersecurity impact of all changes via participation in Change Control process.
  • Build a culture within and outside the IT team focused on control effectiveness in risk reduction.
  • Contribute to the technical understanding and adoption of information security and operational standards, solutions, and tools.
  • Perform other duties or special projects as required or assigned.

Requirements

  • 5+ years of experience in IT Infrastructure and Cybersecurity industry; multiple functions experience is preferred.
  • Hands-on network, server, and endpoint security experience with implementing and maintaining security controls and patch management in distributed on-premises environment and cloud platforms (Azure and AWS).
  • Hands-on experience implementing NIST security framework.
  • Strong network security experience.
  • Strong project management experience.
  • Strong experience in performing security risk assessments.
  • Incident Response and Incident Response Plan development experience is preferred.

Nice-to-haves

  • Understanding of networking concepts and protocols, DNS, DHCP, VLANs.
  • Proficient in Microsoft and Linux operating systems, virtual environments (VMware), Active Directory, Group Policies, Microsoft 365, Intune, Cloud and Hybrid Cloud Architecture.
  • Advanced knowledge of Cisco Meraki firewall and cloud-based Web Application Firewalls (WAFs) like Sucuri, Cloudflare, Akamai.
  • Strong knowledge of security best practices and compliance requirements.
  • Technical understanding of vulnerabilities and how attackers can exploit vulnerabilities to compromise systems.
  • Ability to define KRI and KPI, create reports and dashboards.
  • Expert in Microsoft Office Suite, SQL, Python, data visualization tools such as Power BI or Tableau.
  • Auditing/assessing data network security design.
  • Strong analysis and problem-solving abilities.
  • Technical eye for details.
  • Highly self-motivated and able to work independently with minimal supervision.
  • Excellent teamwork, interpersonal, verbal and written communication skills.
  • Expertise in managing multiple projects in parallel.
  • Experienced knowledge of project management methodologies such as SCRUM, Agile, hybrid and best practices.
  • Technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
  • Domain knowledge of cybersecurity (e.g., vulnerability management, Security Operations, Data Protection, Privacy and Compliance).
  • Data Analysis and Validation.