Summary: We are looking for a driven, self-starting Cyber Security Senior Engineer to help our Information Security Team to take our current cyber security program to the next level. This role provides a unique opportunity for a cyber-security professional to learn a complex and interesting business model while, supporting all facets of a national organization. Using multiple tools and processes this role will assist in driving risk out of a business that is part of our nation's critical infrastructure. As the Cyber Security Senior Engineer, you will provide cyber security advice, direction and support to ensure the risk to the business of Ports America is minimized while maintaining the ability of our ports and terminals to move the maximum amount of cargo in the minimum amount of time. At Ports America your job matters!

Essential Duties:

• Assist in the measurement and analysis of the cyber security posture across the organization and recommend improvements and solutions to current cyber security issues and risks.
• Leads and implements network security best practices across multiple solutions.
• Coordinates implementation of cyber security solutions (new/modifications) to reduce risk while enabling business efficiency and productivity.
• Mentor both Cyber Security Engineers and Identity and Access Management (IAM) staff to improve the capabilities and depth of skills in the team.
• Assist in development, implementation, maintenance and enforcement of policies, processes and procedures associated with cyber security and IAM.
• Assists in development and management of end point security, including hardening, tools and procedures.
• Stays up to date on current threats, vulnerabilities, attacks, and countermeasures.
• Monitors and manages web filtering solutions.
• Assists in the development and refinement of patch and vulnerability management processes and solutions.
• Assists in the development and refinement of disaster recovery plans and procedures.
• Coordinate cyber security incident response across the enterprise.
• Assist various teams in capturing and refining information protection requirements, integrating those requirements into system designs and ensuring program compliance.
• Coordinates planning and engagement efforts for organizational security evaluations, systems analyses, Pen Testing, and security architecture reviews.
• Prepares and/or conducts written and oral reports and presentations.
• Facilitate periodic access reviews to support SOX/Internal Controls compliance.
• Coordinates malware analytics and forensics gathering

Minimum Requirements (Education, Experience, Certifications):

• BA/BS degree Computer Science, Engineering, Information Systems, or equivalent experience
• Strong understanding of NIST and CIS Controls
• Minimum 7 years in Information Technology including at least 3-4 years' experience in an Information Security Engineering or similar capacity
• Solid working knowledge in incident response, network security (firewalls, NAT, VPN, NGFWs, IPS/IDS), web filtering, patch management, vulnerability assessments, intrusion detection/prevention, malware monitoring and containment, testing and deployment of security patches at the OS/database/application layers, required
• Direct experience with anti-virus software, intrusion detection, firewalls, SIEM, patch management tools and content filtering, required
• Experience in a system administration role supporting multiple platforms and applications, required
• Experience with virtualization, required
• Security or similar certification, required
• CISSP, CEH, OSCP or similar level certification, preferred
• Experience designing secure networks, systems and application architectures, preferred
• Experience planning, researching and developing security policies, standards and procedures, preferred
• Experience with Linux and/or Unix, preferred
• Experience with managing, configuring and securing public cloud platforms - IaaS, PaaS and SaaS.

Knowledge, Skills & Abilities:

• Strong, hands-on and current knowledge of the Microsoft Windows OS, Active Directory (2008 to current), Group Policy Management, Microsoft Office 365 environments, Microsoft back office servers SQL, Exchange SharePoint
• Advanced knowledge of Windows network configurations, SOA, Microsoft ADFS in a global enterprise environment
• Advanced knowledge of packet capture and packet analysis techniques and technologies
• Advanced knowledge of end point protection tactics, techniques, procedures and tools
• Advanced knowledge of risk assessment tools, technologies and methods
• Knowledge with disaster recovery, computer forensic tools, technologies and methods
• Knowledge of Mobile Device Management (MDM) and EMM solutions and management.
• Skilled in facilitating and conducting structured analysis and requirements gathering
• Skilled in log analysis, familiarity with Splunk, ELK or similar platforms with a focus on security and correlation rule configuration.
• Ability to read and use the results of mobile code, malicious code, and anti-virus software
• Ability to present technical and security concepts to non-technical audiences
• Ability to foster and maintain relationships with key stakeholders and IT Operations peers
• Skilled in programming languages, including Java, C , or C# as well as scripting languages such Perl, Python or PowerShell, preferred
• Knowledge of change management, project management and process improvement principles, preferred

Working Conditions:

• Must be willing to travel (up to 10%)
• Office environment

NOTE: This job description is not intended to be all-inclusive. Employee may perform other related duties as needed to meet the ongoing needs of the organization.

Ports America is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race; color; religion; national origin; sex (including pregnancy); sexual orientation; gender identity and/or expression; age; disability; genetic information, citizenship status; military service obligations or any other category protected by applicable federal, state, or local law.