Information Security Analyst

The Opportunity

The Information Security Analyst is responsible for identifying cyber security trends, developing Ulteig’s cyber security program, developing and maintaining our cyber security roadmap, managing cyber security risk, including disaster recovery, security certifications, assessments, controls, and security awareness activities.

What You’ll Do

• Coordinate with IT and risk management leadership to ensure known Information Security risks are documented and corresponding action plans have been developed as appropriate
• Develops new or modifies existing security controls, processes, policies and procedures
• Responsible to build Cyber Security program to attain and maintain relevant security assessment certifications (Ex. SOC II Type II, CMMC)
• Leads the company’s security awareness program, including training and ongoing communication efforts
• Facilitates security control implementation and security assessment activities in a hybrid cloud environment.
• Participates in the security community by attending events, exchanging best practices, seeking certification, and promoting security awareness internally and externally
• Identifies areas that would automate or improve aspects of the audit process to improve efficiency
• Responsible for supporting and enhancing our Data Loss Prevention (DLP) and data discovery environments
• Create and manage a document and evidence repository in support of security compliance
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
• Manage security audits, assessments and tests Proficient in controls testing and associated compliance monitoring
• Collaborate with Devops team to identify security gaps and initiatives.
• Performs security assessments of internal processes and systems; recommends mitigating actions
• Performs security assessments of 3rd party technology solutions
• Track and report status of remediation items assigned to technology owners to ensure completion. Communicate statuses and escalations to technology leadership.
• Manage the day-to-day activities of threat and vulnerability management, recommend risk tolerances, recommend treatment plans and communicate information about residual risk.
• Lead security audits and act as an advocate for security team in customer interactions on security issues
• Stay updated with applicable Information Security compliance and regulatory requirements to assess audit and compliance risks
• Anticipate new security threats and stay-up to date with evolving infrastructures.
• Investigates security incidents, creates, and distributes related reports
• Maintains communication with vendors regarding security system updates and technical support security products
• Coordinates with technology counterparts on security initiatives
• Consult with IT to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
• Manage security projects and provide expert guidance on security matters for other IT projects
• Leads the disaster recovery planning team in the selection of recovery strategies and lead the development, testing and maintenance of disaster recovery plans.
• Identifies appropriate Incident Response Tabletop topics and conducts annual exercises.
• Develop and maintain critical security metrics/KPIs and reports for regular presentation to senior leaders
• Serve as an active and consistent participant in the Information Security governance process.
• Lead the cross functional Information Security Working Group and Information Security Governance committees.
• Respond to client security requirements and prequalification requests.

Disclaimer: The preceding description is not designed to be a complete list of all duties and responsibilities required of this position.

What We Expect from You

• Proven experience applying security frameworks such as NIST and CIS to real world, production environments.
• Good working knowledge of regulatory frameworks such as ISO2700x, CMMC, NIST, SOC2, PCI, HIPPA and GDPR
• Strong experience with Azure Active Directory, Identity protection, and Multifactor Authentication
• Requires 2-4 years of experience designing secure networks, systems and application architectures.
• Requires 2-4 years of experience managing a company Information Security program.
• Bachelor’s degree in Computer Science or related field required.
• Strong understanding of endpoint security solutions to include File Integrity Monitoring and Data Loss Prevention
• Strong understating of utilizing SIEM and SOAR solutions (knowledge in Azure sentinel or FortiSIEM knowledge preferred)
• Experience with email security solutions.
• Knowledge of information technology trends and impact on related security procedures and processes and the current and development
• Knowledge and skills including technical or functional expertise, business acumen and financial analysis skills, risk management, critical thinking and decision-making skills
• Advanced knowledge of authentication, IT services access policies, and related internal and external security considerations
• Must have authorization to work permanently in the U.S.

 As you consider applying for a position at Ulteig, we encourage you to think outside the box – because we do! You might not meet 100% of the skills listed in a description, but we are committed to hiring people with exceptional talent, ability and potential, and then creating an environment where they can become the best versions of themselves. We don’t want to miss out on the possibility of speaking with the next outstanding Ulteig team member, so please apply if you think this role is a great match for your unique skills and strengths. And, yes, relevant military experience is absolutely considered for transitioning service members.

What You Can Expect from Ulteig

Ulteig is a purpose driven organization that has built a culture focused on people – both our clients and our employees for over 75 years. Working at Ulteig is more than a job, it means you will have the opportunity to make a difference by creating and solving for a sustainable future. We realize that a huge part of our success has relied heavily on the dedication and focus of our workforce; this is why we make investing in our employees a top priority. Being 100% employee-owned means, we take our own success and the success of our clients personally.

We offer our team members:

• Flexible Workplace
• Employee Ownership
• Competitive Pay
• Comprehensive Benefits Package
• Collaborative Environment
• Innovative Culture

Our vision is to be the most trusted partners transforming our world’s critical infrastructure. Ulteig connects people and resources to develop compelling, integrated solutions across multiple Lifeline Sectors®, including power, renewables, transportation and water. Ulteig's footprint spans the country and leverages its expertise with a wide range of public and private clients. 

At Ulteig, we deeply care and listen to the needs of our team to ensure they are comfortable and have the necessary tools to be productive whether they choose to work remotely, hybrid or in office. We strive to allow a balance and separation between home and work life and provide support and a flexible working schedule so that employees are able to focus on what's important to them. Our offices are currently open, and employees have the option of accessing them to work. We will continue to monitor and respond to COVID-19 proactively to ensure the safety of our valued employees.

If you would like to be a part of a company that empowers their employees, apply today! 

Ulteig is a Drug Free Workplace

 ACHIEVE | GROW | COLLABORATE

Additional Opportunity Details:
Compensation Range is Generally +/- 15% of Position Mid-Point of $98,000
* The salary displayed represents the middle of a range. Factors that may be used to determine your actual salary include your job specific skills, education, training, job location, number of years of experience related to this role and comparison to other employees already in this role

Notice to Recruiters and Staffing Agencies:  to protect the interests of all parties, Ulteig Engineers, Inc., will not accept unsolicited resumes from any source other than directly from a candidate or an approved vendor that has a written and signed agreement in place with Ulteig. Please do not contact or forward resumes to our company employees or locations. Any unsolicited resumes will be considered Ulteig property. Ulteig is not responsible for any charges or fees related to unsolicited resumes.