Responsible for safeguarding computer networks and systems and for coordinating and executing corporate security strategies among all divisions and locations. Duties include managing endpoint, network, and cloud security across a diverse environment; providing expert judgment and analysis for the design, development and implementation of security programs and protocols; planning for future growth while improving current security technologies and recommending new technologies and services to best secure the corporation's technology and data assets. Works under the direction of the Manager, Infrastructure and Operations.
Supports the processes and tools for technical risk management to protect information assets internally, externally and in the cloud.
Develops, operates and supports security-related software and firmware to maintain security and service continuity.
Assists with investigations of security events (e.g., unauthorized access, non-compliance with policies, fraud, service exploitation, etc.) to determine malfunctions, breaches, and remediation steps.
Recommends, schedules when needed, and applies fixes, security patches, disaster recovery procedures, and any other measures required in the event of a security breach.
Provides support to Information Security Incident Response team during cyber incidents.
Responds to service issues, problems, and critical situations to support resolution and minimize downtime.
Monitors and keeps current with emerging security alerts and issues. Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.
Develops and maintains information security policies and standards.
Ensures confidential data is secure.
Assists in the technical deployment of security solutions that enhance the company's information security architecture.
Recommends, schedules, and performs security improvements, upgrades, and/or new products or applications.
Oversees internal and external penetration testing.
Assists in Security Awareness and Phishing campaigns.
Oversees management of endpoint protection program (EPP).
Researches emerging threats and takes action when necessary.
Monitors backups, server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interprets activity and makes recommendations for resolution.
Manages and ensures the security of data that is transferred internally, externally and in the cloud.
Evaluates the technical security posture of newly proposed third-party solutions.
Validates that information security requirements are built into architectures and new technology projects.
Keeps work area clean and orderly. Knows safety rules that apply to the safety of others and to personal safety. Reports malfunction of equipment to proper authority. Performs other work as instructed by supervision.
Minimum Qualifications
Bachelor's degree in Information Security, Cyber Security, Computer Science or the equivalent from an accredited four-year college or university. Proof of degree required. A transcript or diploma would be acceptable and must be provided. OR five or more years of Information Security related experience, in areas such as: Security Operations, Incident Analysis, Vulnerability Management, and System Patching.
Three years of experience in computer processing concepts, information security and operations related to infrastructure hardware and software.
Three years of experience with Ethernet and wireless networks.
Three years of experience with Transmission Control Protocol/Internet Protocol (TCP/IP) concepts, function and troubleshooting.
Preferred Qualifications
Two years of experience installing, monitoring, and using the network operating systems, hardware and protocols currently in use at AMERICAN.
Experience with administering and securing cloud environments, especially Amazon Web Services (AWS) and Azure.
Experience with PowerShell, Python, and other scripting languages desired.
Possess industry certification such as Certified Information Systems Security Professional (CISSP), GIAC Security Essentials Certification (GSEC), Certified Ethical Hacker (CEH), CompTIA Security+ or Certified Information Security Manager (CISM) or equivalent.
Familiarity with security best practices, standards, and compliance initiatives such as NIST, CIS, COBIT, ISO, SOC I and SOC II reporting, and CIP.
Master's degree with a focus in Cyber Security or the equivalent. Degree must be from an accredited college or university. Proof of degree required. A transcript or diploma would be acceptable and must be provided.
AMERICAN Benefits:
401(k) Plan
Profit Sharing Bonus Plan
Eagan Center for Wellness
Medical, Dental and Supplemental Vision
Tuition Reimbursement
Paid Vacation and Holidays
Employee Assistance Program
EOE/VETS/DISABILITY