Cyber Security Engineer

Overview:

AmSty is currently seeking a talented and motivated individual to join our organization and growing team as a Cyber Security Engineer within our Corporate IT Department.

The Cyber Security Engineer will leverage their broad IT skills and cyber knowledge to ensure that alerts thresholds are properly defined and acted upon; lead cyber incident response processes to identify root cause, generate indicators of compromise, and define actions necessary to contain threats. They will use forensic tools and investigative methods to conduct computer and mobile cyber incident investigations to ensure compliance with corporate Information Security policies and all applicable laws and regulations. They will lead the resolution of cyber audit findings, author cyber-related process and tools documentation, investigate where additional tools are necessary to create layers of protection, and oversee patch management and vulnerability management processes.

• Lead the security incident management response process for AmSty – including security monitoring, incident response, EDR/NDR/SIEM management, and threat intelligence.
• Serve as corporate focal point for SIEM/SOC functions – including vendor management, getting logs to SIEM, determining appropriate SIEM use cases, defining, implementing and running use case alerts, reporting findings (weekly, monthly, quarterly) and setting a path for improvement as part of a continuous improvement journey.
• Using tools in AmSty’s cyber security portfolio (EDR, NDR, SIEM, et al) - Identify, Detect, Protect and Respond to AmSty’s cyber weaknesses and vulnerabilities.
• Monitor the company’s computing environment (servers, firewalls, intrusion detection/prevention systems, phish, anti-virus and malware) logs, and network traffic for activities including but not limited to policy violations, abnormal behaviors, intrusions, best practice recommendations, etc.
• Develop and maintain website white lists, and application white lists.
• Block or apply countermeasures to remediate or lessen risk of detected issues.
• Implement and audit domain administration restrictions and apply Group Policies on user and computer objects.
• Analyze log files (sys logs, firewall logs, etc.) to determine security incident impact.
• Develop and implement remediation plans for identified cyber risks.
• Communicate with leadership and stakeholders as per Incident Response Communication Plan.
• Serve as an active member on AmSty cyber incident response teams, performing forensic and investigation services.
• Respond to information security requests, incidents, and trouble tickets according to a defined SLA.

• Lead Vulnerability Management Remediation Efforts:
• Review EDR console (daily) for critical/high vulnerabilities on endpoints and initiate remediation plans.
• Configure scanning tools to assist in identifying vulnerabilities and inventory IT systems (may include port scans, vulnerability scans, etc.).
• Conduct weekly vulnerability management scans and initiate remediation plans.
• Create and maintain the IT asset inventory.

• Serve as a Risk Management Steward.
• Author regular cybersecurity reports (i.e., monthly dashboards, audit remediation status updates, patch compliance, project status reports; Monthly, quarterly, and ad-hoc strategic and operational risk reporting and analytics for trending, risk assessment, compliance, and active exception reporting for EDR, NDR, SIEM/SOC and Vulnerability Management Functions Develop and enhance security policies, processes and procedures; supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.
• Maintain/Recommend new entries for AmSty’s cyber security Risk Register, based on vulnerabilities identified and remediations completed.
• Maintain cyber policies.
• Author cyber playbooks.
• Ensure compliance with applicable statutes and regulations.
• Create/heighten security awareness within the organization by marketing, sending e-mails, creating presentations, and presenting material to employees and contractors.
• Participate in information security audits.
• Actively support Red Team/Purple Team and table-top cyber initiatives and lead resolution of security weaknesses discovered therein.
• Oversee penetration testing of all networks and systems to identify system and application vulnerabilities, lead resolution and remediation of findings.
• Participate in disaster recovery and business continuity efforts.

• Serve as an Internal Security Consultant.
• Execute authorized information security projects and initiatives.
• Research and maintain technical proficiency in security tools, techniques, countermeasures, and basic trends in computer and network threats and exploits.
• Serve as focal point for evaluation and implementation of new cyber tools/techniques to optimize AmSty’s cyber security portfolio and cyber defenses.
• Maintain user security by developing access controls, monitoring and evaluation of security standards.
• Participate in an on-call rotation for information security and resolve service outages within SLA.
• Participate in Information Security initiatives and projects.
• Review and monitor administrator account management (normal and privileged).
• Serve as an advisory role in application development or acquisition projects to assess security requirements and controls, and to ensure that security controls are implemented as planned.
• All other duties as assigned.

• Bachelor of Science Degree from an accredited college or university in Computer Science, Information Security, Engineering, or related field, or equivalent certifications.
• At least one professional security certification such as CISSP, CISA, CEH, applicable SANs programs, or other industry certifications (e.g., Cisco, Microsoft, VMware, et al).
• Minimum of three years of active work experience with networking and/or cyber security tools.
• Knowledge of network, infrastructure architecture and security (including network segmentation concepts, firewalls, routers, VPN solutions, etc.).
• Strong knowledge/familiarity with the administration of firewalls, including defining, configuring, and managing firewall policies; accessing firewall policies; troubleshooting firewall policies; and monitoring network traffic.
• Significant experience with using leading EDR tools to detect and respond to incidents.
• Previous Security Operations Center Analyst or Network Engineer experience.
• Working knowledge of securing Linux, Windows, TCP/IP, and networking technologies.
• Understanding of the fundamentals of security principles and best practices.
• Strong critical thinking ability and investigative/problem solving skills.
• Eager/willing to learn/gain new technical knowledge.
• Ability to work well in a small group/team setting.
• Excel in written and verbal business communications; Demonstrate strong written and oral presentation skills for technical and non-technical audiences, as well as the ability to work closely with all business areas; ability to develop new and existing documentation.
• Ability and willingness to travel to other offices as required.

• Five years of active cyber security work experience with experience with Security Operations Center, Cyber Incident Response experience and forensic incident investigations and use of the following tools:
• Vulnerability detection management software.
• Leading SIEM Software (search, query, optimize use cases).
• Leading Firewalls including NextGen.
• Experience with malware analysis; packet capture/analysis and sandboxing.
• Experience with creating Java, Python or Ruby scripts to remediate cyber incidents or automate security operations.
• Knowledge of and experience managing information security assessments including: Penetration tests, Red team tests and physical/social engineering testing, internal network testing policy/procedure reviews, application testing.
• Understanding of encryption and access management.
• Understanding of evidence handling and chain-of-custody procedures.
• Knowledge of Industrial Control Systems and related cyber protections.
• Member of FBI InfraGard.
• Related experience in chemical, petrochemical or oil and gas industry.
• Network technologies and troubleshooting (Cisco certification).
• Experience implementing the National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series and the Risk Management Framework (RMF).
• Desired Certifications (at least one of the following certifications);
• Professional certifications (e.g., Certified Information System Security Professional (CISSP) or equivalent certification - CISM, CEH (lab), CIA, CISA, CFE, etc.).
• EnCase Certified Examiner (EnCE).
• Certified Forensic Security Responder (CFSR).
• SANS Certifications (GCFE, GCFA, GNFA, GREM).
• Cisco network technology and troubleshooting certifications.

• Due to the nature of this work, evening and weekend work may be required. 24/7 on-call for cyber related incidents.

Relocation is not available with this position.

No sponsorship is available with this position.

Americas Styrenics LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, ancestry, age, disability, veteran status or marital status.

To all recruitment agencies: We are not responsible for any fee related to unsolicited resumes from 3rd party staffing and recruiting agencies (whether submitted through this website or sent directly to employees) unless a written agreement is in place between the agency and Amsty (“Company”) and an authorized Company representative makes a written request to the agency to assist with this requisition. Similarly, no fee will be paid for candidates who apply and claim to be represented by an agency. Any unsolicited resumes, CVs, or other candidate information submitted by an agency will become the property of Company, and no fee will be paid in the event such candidate is hired.