- Cyber Security Vulnerability Analyst
- Houston, TX, US
- Posted On: 02/15/2018
- Employment Type: Full Time
- Job Class: Information & Tech
The Cyber Security Vulnerability Analyst reports to the Information Security Officer and while you will have many responsibilities, your primary focus is to validate security controls and remediate vulnerabilities to protect critical Freeport LNG assets from cyber-attacks. Daily activities will center around hands-on security control penetration testing and performing vulnerability/risk assessments. Trust but verify is your mission. You will manage the employee security awareness/training program, 3rd party/cloud risk assessment program and you will own the IT Risk Registry. You will work with state-of-the-art vulnerability management, security awareness, and penetration testing technologies, using commercial and open source solutions. You will receive significant training - both daily hands on activities and SANS or other leading ICS and IT security training providers.
Essential Functions & Duties/Responsibilities
- Validate Critical Security Controls - Actively validate current security controls including critical patches, security settings and rules are configured per the CyberSecurity Policy. This includes both reporting and hands-on validation. 50% of the team member’s time.
- Validate Critical Security Event Logging - Actively validate all current security and detective controls are logging accurate information to the appropriate Freeport LNG centralized logging solution. This also includes both reporting and hands-on validation. 20% of the team member’s time.
- IT Risk Assessments and IT Audits - Manage the IT Risk Registry program. Lead IT risk assessment requests. Participate in moderate to highly complex projects to deploy new solutions ensuring security controls and risk management are documented and receive senior level approval early in the design process. 10% of the team member’s time.
- Security Policy Management – Manage all IT cyber security policies. Ensure the Freeport LNG CyberSecurity and related policies are updated and communicated to the organization as new threats emerge or new security controls are deployed. 10% of the team member’s time.
- Security Awareness & Training – Promote and manage the Freeport LNG security awareness and training program. Plan and schedule monthly ‘Learn and Lunch’ security events, quarterly security training and monthly targeted phishing campaign tests. 10% of the team member’s time.
- 4 years of progressive IT experience, preferred IT cyber security experience
- 2+ years conducting IT security testing in a business environment
- Experience with vulnerability scanning and management solutions (Nessus, OpenVAS, etc)
- Experience with security configuration and patch management solutions (SCCM, Qualys, etc)
- Knowledge of current vulnerabilities and cyber threats
- Knowledge of operating systems including Windows, Linux, Unix and VMware
- Attending/attended a hands-on cybersecurity program at a college/university
- Familiarity with NIST
- 2+ years of cyber security experience
- 2+ years of vulnerability management experience
- Experience with Metasploit
- Demonstrated desire to learn / expand areas of expertise
- Possesses a strong sense of urgency
- Possesses strong analytical and problem solving skills
- Possesses strong leadership skills and the ability to work effectively in a team environment
- Possesses excellent interpersonal skills, has the ability to coordinate and build effective relationships
- Possesses ability to prioritize workload – this role will involve significant multitasking!
- Understanding of Natural Gas/Liquefied Natural Gas/Natural Gas Liquids production, processing, distribution, business and marketing is a plus
- Plant-site experience is a plus
- Experience scripting with Powershell, shell and python is a plus