IT Security Analyst
IT Security Analyst
(IT Applications, Clayton Office)
EaglePicher’s Clayton Office in St. Louis, MO is in need of an IT Security Analyst!
From aircraft power to life-saving medical devices, our various energy solutions have emerged from EaglePicher Technologies’ long-standing specialty battery business. Since its introduction to the industry in 1922, EaglePicher Technologies has become the most diversified battery manufacturer in the world. When you demand the highest quality and most reliable energetic devices, EaglePicher is the only name you need to know.
ABOUT THE POSITION
This position is responsible for managing and continuously improving organization’s Information Security program in meeting NIST 800 – 171 and DFARS requirements. As an IT Security Analyst, you will periodically conduct risk assessments to measure and report progress related to security and compliance initiatives, as well as improve the overall security posture to meet the expanding and changing business needs of the organization.
Your core responsibilities will be to:
- Lead, conduct and maintain security risk assessments, identify security vulnerabilities, develop recommendations, document findings and implement remediation plans.
- Ensure that the Information security program and strategy of the organization are effectively implemented and maintained.
- Lead the Incident response and security awareness training program, in collaboration with Human Resources, Legal and internal training departments to ensure the confidentiality, integrity and availability of enterprise information assets.
- Evaluate system and network device configurations against NIST 800-171 standards to ascertain the readiness and compliance of applicable systems, applications, and processes.
- Develop and maintain the organization’s System Security Plans (SSP) and contingency plans to ensure compliance towards regulatory and customer requirements.
- Develop and implement DLP policies, data classification policies and response actions in collaboration with business stakeholders geared towards protecting the intellectual property and Covered Defense Information.
- Continuously monitor status and effectiveness of technical, physical and administrative controls ensuring key risk indicators are effectively monitored to prevent unacceptable impact on organizational objectives and reputation.
- Participate and facilitate internal and external security audits as necessary and produce final reports for management review.
- Perform periodical checks of the systems during independent testing and document results to update the plan of action and milestones (POA&M) document.
- Liaise between managed security services provider and internal IT teams to prioritize and remediate vulnerabilities and risks.
- Periodically monitor, review and audit the internal IT security systems and associated controls to measure and report on the operational effectiveness and impact to existing systems.
- Coordinate and participate in table top exercises to support the maintenance and testing of Incident Management and Disaster Recovery Plans.
- Participate in the defense industry collaborative efforts to monitor, share, and discuss emerging security threats via support organizations such as DSS, DISE and NDISAC.
- Define security standards & incident response plans to detect, respond and recover from security incidents using a risk based methodology
- Ensure business and technical requirements are aligned to security policies and are implemented within regulatory and corporate compliance.
To succeed in this position, you must:
- Be a U.S. Citizen or a Permanent Resident.
- Have a Bachelor's degree in Computer Science, Cybersecurity, Computer Engineering, Information Assurance, or a related discipline.
- Possess 3-5 years of experience in dealing with information security, system audits and analysis.
- Have 5-10 years of experience in Information Technology or related discipline.
- Possess an understanding of the NIST Cybersecurity Framework, NIST 800-53 and NIST 800-171 security controls, security practices and procedures.
- Be knowledgeable of Cloud system design and privacy data security.
- Have a working knowledge in securing Networks and Operating Systems to Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) standards including Windows and Linux Servers and Workstations.
- Have experience working with Enterprise SIEM, log sources, and incident escalation.
- Possess excellent written communication and presentation skills with the ability to present complex security related topics.
- Have an excellent understanding of security best practices including ISO 27002, NIST Cybersecurity Framework.
In addition to meeting the basic requirements, the most successful candidates will also have:
- A Certified Information Security Auditor (CISA) or Certified Information Security Manager (CISM) Certification.
- The ability to obtain and maintain DoD Secret level security clearance.
PERKS OF BEING AN EAGLEPICHER EMPLOYEE
Some of the great things about being an EaglePicher employee include:
- Medical, dental, vision, life, and disability insurance;
- 10 paid holidays and PTO;
- Matching 401K;
- Tuition reimbursement;
- Dependent scholarship programs.
EaglePicher Technologies, LLC is a leading producer of batteries and energetic devices for the defense, aerospace, medical, commercial, oil, and gas industries. The company provides the most experience and broadest capability in battery electrochemistry of any battery supplier in the United States. Battery technologies include lithium ion, thermal, silver zinc, lithium carbon monofluoride, lithium thionyl chloride, lithium manganese dioxide, lithium sulfur dioxide, and reserve lithium oxyhalide. EaglePicher also provides custom battery assemblies, battery management systems, pyrotechnic devices, and other power solutions. EaglePicher Technologies is headquartered in Joplin, MO. and is ISO9001:2008, ISO 13485, and AS9100C certified. For more information, visit www.eaglepicher.com.
EaglePicher Technologies LLC is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.