Job Description :
Job Title: Senior Cyber Security Resource

Duration: FULL TIME (Salary $130K)

Location: Troy, MI

Must have 3+ years of experience in penetration testing

Description:

Senior-level Cyber security Analyst with several years of security systems experience including management, configuration and use of information security tools and techniques, across a medium-to-large enterprise, spanning data centers, networks, end points, and mobile devices. Enable business risk, securely. As the threat intelligence lead, the position will vigilantly seek information on new or potential security threats, actively manage threat events, and lead the incident response, escalation, and forensics analysis.

The position will ensure the Company’s ability to detect, respond to, and protect IS Infrastructure from cyber-attacks, intrusion attempts, and security breaches. Penetration testing to identify vulnerabilities and recommend safeguards as preemptive measure is also part of the position’s responsibilities.

The position monitors networks, computers, and applications, looking for events and traffic indicators that signal intrusion. The position also determines the damage caused by detected intrusions, identifies how an intrusion occurred, and recommends safeguards against similar intrusions.

Included in the above, the position is responsible for process documentation for all security systems, and for threat detection activities including remediation steps and escalation points. Position is also responsible for maintaining perimeter security system metrics and KPIs.

The position also requires deep understanding of cybersecurity principles, trends and emerging technologies; an ability to identify risks associated with new technologies, and to decide on the right controls to mitigate such risks. This includes participation in professional organizations focused on threat protection and intelligence.

The successful candidate will maintain a close working relationship with the Company IS leaders, and display a capability to distill complex security issues and events into oral or written communications. An ability to ensure accurate and timely alignment with business requirements, without introducing unmitigated security risks, is a key requirement.

The scope of this position includes:

· Reporting to the Senior Director of IS Security, regular monitoring of all information security systems for cyber-attacks, intrusion attempts, and security breaches within Meritor, and timely responses to any violation or threat.

· Lead security threat intelligence gathering on new or potential security threats, actively manage threat events, and lead the incident response, escalation, and forensics analysis.



Key Responsibilities:

o Act as the subject matter expert for all topics related to cyber and application security, and maintain expertise in current and emerging technologies

o Monitor and scan for security vulnerabilities, threats and events in network, host systems and applications

o Perform penetration testing to identify vulnerabilities and recommend safeguards as preemptive measures.

o Act as a focal point for IT security investigations, direct responses, and recommend course of action

· Develop strategies to handle security incidents and coordinate investigative activities

· Develop standard processes and documentation for security incident tracking and management, in all locations

o Work closely with the business groups as a consultant to understand and deliver secure and reliable solutions to business problems

o Identification, selection and implementation of new Information Security and Cybersecurity capabilities.

o Review and make recommendation on any exception request to established security standards

o Review SaaS, PaaS, IaaS and outsource provider performance data to identify trends and issues and develop performance improvement plans

o Provide input to the CyberSecurity Delivery Technology Roadmap

· Assist in architecting and implementing managed service solutions

· Lead future service delivery strategy development for information security with the latest technologies, intelligence, and potential threats

o Understand and utilize change management, project management and incident management processes

Education, Experience and Skills

Required

· Bachelor’s Degree in Computer Science, Information Systems, or Engineering, or equivalent work experience with an information security focus.

· 5 or more years and extensive experience in Information Security Forensics, malware identification, penetration testing, intrusion detection and defense in depth concepts, and strategic thinking on security issues.

· Deep technical knowledge of current trends in cybersecurity, secure application coding methodologies and testing, host and network forensics, and cryptology

· Hands-on experience and skill in the details of security threats, incident response, and penetration testing.

· Possess strong skills to lead cross-functional teams (internal/client/vendor/onshore/offshore) and work collaboratively with all levels of technical and business teams.

· Possess solid written and verbal communication skills, and polished presentation skills



Desired:

· Experience in information protection, information security and/or cybersecurity

· Experience with Intrusion Prevention Systems, Firewalls, Identity Management, and log correlation systems as well as their interrelationship with other IT systems

· Strong knowledge and understanding of cybersecurity operations as structured in NIST, ISO, ITIL, COSO and COBIT frameworks

· Experience working with complex ERP software applications and integration projects

· Experience in security architecture, assessments, product reviews, consulting

· Ability to work independently, driven to hunt for potential threats, as well as collaboratively in a cross functional team

· Ability to motivate people, instill accountability and achieve results

· Security certifications including CISSP or Certified ethical hacker, would be a plus.