:
As the Cyber Security Analyst/Security Engineer, your primary purpose is to lead security controls reviews on endpoints, network, email gateway, cloud infrastructure, etc, and provide guidance on tuning tools / hardening, making sure that they are compliant. Including the daily operational monitoring and escalation of information security events and the examination of these events for context and criticality. This position is responsible for the collection and monitoring of risk metrics from operational security controls such as vulnerability scanning, system patching, penetration testing, and other security event sources.
The successful candidate will be responsible for providing frontline cyber incident response services while managing projects to implement operational improvement initiatives. This position will help lead collaboration and ensure alignment with LVMH cybersecurity organization which is located across multiple geographic sites and is responsible for the comprehensive cyber defense of over 70 retail houses worldwide.
What you’ll be doing::ESSENTIAL DUTIES & RESPONSIBILITIES:
Cyber Security Enhancements:
- Manage Projects to implement new security solutions on time and on budget
- Design and Build new security solutions improve the security posture of the organization
- Reconfigure existing security platforms to reduce Cyber Security risk scores
- Apply security related changes to the firewall and network switches
- Apply security related changes to web/hypervisor/SAN and related servers
- Recommends and participates in the analysis, evaluation, and development of enterprise long-term strategic and operating plans to ensure that the IT objectives are consistent with security best practices
- Collaborates with all relevant parties to review the objectives and constraints of each solution and determine conformance with the existing network architecture standards. Recommends the most suitable technical architecture and defines the solution at a high level
- Research new attack vectors and technologies to mitigate the potential threats
- Reviews, develops, tests, and implements security plans, products, and control techniques
- Work with Enterprise Services team to design security services and implement security architecture improvements
- Identify unsupported applications or otherwise insecure technologies and work to update them or remove them from the network
Incident Review and Mitigation:
- Manage the Security Operations Center Team to monitor and improve an organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents
- Lead response and investigation efforts in data security incidents, provide an after-action report and design corrective actions. Coordinate communications with PR team if public announcements are required
- Monitor for new vulnerabilities, identify risk, and lead mitigation efforts
- Ensure security patching is up to date -Collaborate with the Enterprise Services team as required for assistance
- Track operational metrics related to alerts, incidents, and vulnerabilitiesReview incidents identified by the SOC and action as appropriate
Policies and Procedures:
- Review legal documents relating to Governance policies and lead discussions with the legal team. Advising the Starboard executive team how new Cyber Security Laws will affect the organizations operations
- Create and/or update Security Policies and Procedures to include tactics, techniques, standard operating procedures and security controls
- Enforce Cyber Security Policies across the organization. Potentially including evidence if disciplinary action is deemed appropriate
- Lead Cyber Security awareness training across the organization
- Review system configurations for unapproved changes. i.e. additional access, firewall rules, etc…
- Partner with Internal Audit to ensure compliance with all STB/LVMH security controls
- Partner with External Audit to ensure compliance with all STB financial security controls
- Lead the Change Advisor Board. Ensuring changes are not putting operations of the organization at risk of failures or security incidents
QUALIFICATIONS:
Education and Experience:
- Bachelor’s degree in Information Technology or accredited Security Certification Authority is required
- Risk management experience
- Ability to handle level 3 security issues
Preferred Education & Experience:
- Knowledge of regulatory frameworks desired (e.g. PCI, SOX, GDPR, SSAE16, ISO 27001)
- 5 years of as a senior network administrator
Knowledge, Skills & Abilities:
- Strong knowledge of incident response and crisis management with the ability to identify both tactical and strategic solutions using strong verbal and written communication skills
- Understanding of network, desktop and server technologies, including experience with network intrusion methods, network containment, segregation techniques and technologies
- Cloud security knowledge and skills; securing cloud environments as well as detecting and responding to Cyber Security incidents in the cloud
- Log (network, security, access, OS, application, etc.) analysis skills and experience in relation to identifying and investigating security incidents
- Strong knowledge of CheckPoint, Palo Alto, of Fortinet Firewalls
- Experience with Rolling out Bitlocker enterprise wide
- Strong knowledge of PAM, IPAM, and IAM Solutions
- Knowledge of the Technologies and Products including Web Proxy Filtering, EDR, and WAF
- Excellent written/oral communication, interpersonal and problem solving skills
- Able to thrive in both independent and collaborative work environments
- Dedicated, innovative and self-motivated team player
- Able to effectively oversee multiple and concurrent projects / responsibilities
- Ability to work flexible hours, days, and shifts
- Ability to learn quickly and work independently with or without direct supervision
- Ability to represent Starboard IT Department in a professional manner to clients
- Ability to maintain a positive mental attitude in a highly flexible environment
Key Competencies:
- Customer Service
- Relationship Management
- Business Acumen
- Drive for Results
- Self-Development
- Courage
- Problem Solving
- Communicating Effectively
- Teamwork and Collaboration
Other:
Position Type/Expected Hours of Work
Some flexibility in hours is permitted, employee must be available during the “core” work hours of 8:00 a.m. to 5:00 p.m. Monday – Friday and must work 30 hours each week to maintain full-time status. Occasional evening and weekend work may be required as job duties demand.
Physical Demands:
Office environment with frequent sitting, walking and standing, occasional climbing, stooping, kneeling, crouching and balancing. Frequent use of eye, hand and finger coordination enabling use of office machinery. This position requires the ability to occasionally lift office products and supplies, up to 20 pounds. Oral and auditory enabling interpersonal communication as well as communication automated devise such as the telephone.
At Starboard Cruise Services and Onboard Media curating a vibrant world can only be accomplished by vibrant and diverse teams. We are committed to nurturing a workplace where you can feel safe to show up authentically and thrive while being uniquely you. Our North Star guides us to deliver equal employment opportunities for all individuals and to providing employees with an equitable work environment free of discrimination and harassment. We also aim to extend this commitment to the partners we work with and the guests we serve. We are constantly listening, learning, and evolving to deliver on these promises.
We believe our differences make us stronger and are curious to see you leverage your lived experiences to strengthen our team, our culture and your career. At Starboard Cruise Services and Onboard Media we take action so that no one is discriminated against because of their differences, such as age, disability (physical, mental or sensory), ethnicity, gender, gender identity and expression, religion, sexual orientation, military/veteran status, genetic information, family care status or any other basis protected by federal, state or local laws. All employment decisions will be made based on business needs, job requirements and individual qualifications.
So come onboard with us and celebrate a culture that attracts top talent with shared values and forms the foundation for a great place to work.