Senior Security Specialist

<h4><strong>Our employees are our greatest asset. Join our team and you’ll be among our many employees who are thought leaders; the “go-to” people in their field of expertise. They are trusted sources who lead with innovative ideas, develop ideas into reality, and use those ideas to create sustainable solutions that focus on changing the world of industrial heating.</strong></h4>

Pittsburgh, PA, US

Chromalox

<strong>Chromalox, a Spirax Sarco Engineering company, is a thermal technology company. We engineer thermal solutions for the world’s toughest industrial heating applications. Our Heat Trace division delivers temperature management solutions for piping systems, valves, and tanks. Our Industrial Heaters and Systems division delivers process heating solutions for revenue-generating industrial processes, and our Component Technologies division delivers component heating solutions for industrial equipment manufacturers. Chromalox was founded in 1917 and is headquartered in Pittsburgh, PA, USA.</strong> http://www.chromalox.com/


Full-Time/Regular

Overview: <p>We are looking for a strong communicator with a passion for information security: a proactive self-starter who independently identifies opportunities to automate and actively recommends enhancements. You will support and drive the continuous improvement of security compliance and risk management, supporting the security interests of the Chromalox ETS division of Spirax Sarco Engineering across all security domains and technology environments globally.</p> <p>Fully remote is an option for this role.</p>
Responsibilities: <br /> <ul>
<li>Cyber Certification - Lead NIST 800 / CMMC efforts to achieve and maintain certification.</li>
<li>Support - 1st/2nd line ticket support for security issues.</li>
<li>Drive ETS Cyber Maturity - Identify security vulnerabilities and provide remediation options; coordinate the implementation of best practices with the corporate cybersecurity team.</li>
<li>Monthly Reporting - Endpoint protection coverage, malware and security incidents, and email reports for spam and phishing/spoofing incident levels.</li>
<li>Web Filtering - Be the approver for changes regarding sites that are not currently in policy, categorising them as Red, Amber, or Green.</li>
<li>Security Policy - Be a key contributor in creating a global security policy and maintaining the continual-improvement security life cycle.</li>
<li>Security Audits - Account security audits on Active Directory / firewalls / switches and other highly security-sensitive applications and devices.</li>
<li>Event monitoring collection - Create weekly/monthly audit and security event reports.</li>
<li>Email Security - Manage user awareness and training via the KnowBe4 phishing tool; investigate and respond to phishing and spoofing events.</li>
<li>Security Education - Relevant IT training and education will be supplied in all areas of IT security; ITIL certifications would be beneficial.</li>
<li>Lead member of the Security Change Acceptance Board (CAB) - Review and approve change requests and raise any security concerns.</li>
<li>Policy Documents - Compile and maintain security policy documentation.</li>
</ul>
Requirements: Relevant Experience <ul>
<li>3 years of professional experience in cyber security.</li>
<li>Bachelor's degree preferred but not required.</li>
<li>Experience with network design, security protocols, hardware and software.</li>
<li>Working experience with Cisco and endpoint protection applications.</li>
<li>Knowledge of cyber accreditation (DFARS 252.204-7012, NIST 800-171, CMMC).</li>
<li>Practical experience managing penetration tests.</li>
<li>Extensive switching and routing knowledge.</li>
<li>Solid understanding of IDS/IPS/SIEM technologies.</li>
<li>Identity and access management.</li>
<li>Understanding of data classification and protection.</li>
<li>Solid understanding of Microsoft platforms such as Active Directory, PowerShell automation, and O365 security and governance best practices.</li>
<li>Functional understanding of COBIT and ITIL frameworks.</li>
</ul>