In support of our client, a large steel manufacturer, ResourceTek is seeking a Cyber Security Analyst to join their team in Reading, PA. This is a 6-month consulting contract opportunity and is fully remote.
- Guides multiple teams with secure enterprise, manufacturing, and cloud app design.
- Leads cybersecurity technology projects and lifecycle management.
- Provides security technical assistance for IT projects intended to enable or advance business initiatives.
- Contributes with Identity and Access Management (IAM) duties including user account access design, password vaulting, SSO/MFA, periodic access review, and encryption key management.
- Supports secure integration of Cloud and Third-party Applications Assists with cyber-threat monitoring and incident response.
- Monitors key security intelligence feeds and escalates relevant risks.
- Performs daily security operations duties including handling service requests from Business and IT teams.
- Updates standard operating procedures and as-built documentation.
- Routinely publish performance metrics.
- Leads continuous improvement initiatives using authoritative security frameworks (NIST CSF, ISO2700x, etc.)
- Advises multiple teams with recurring patch and vulnerability management duties.
- Facilitates third-party penetration testing (Ethical Hacking) to confirm design and operational effectiveness of security controls Guides employees with security and IT policy (e.g., password complexity, encryption settings, etc.)
- Routinely publishes Governance, Risk, and Compliance (GRC) guidelines and metrics.
- Examines design and operational effectiveness of security controls.
- Coordinates audit engagements led by Internal Audit, Regulator, or external audit firm.
- Supports assessment of internal and third-party cybersecurity risk.
- Examine audit reports (e.g., SOC 1, SOC 2, ISO 27001, etc.). Assist with customer inquiries about the company compliance related to IT and Security.
- Bachelor of Science degree in computer science or related field or a combination of business-related function experience, education, or related certifications (e.g., ISC2 CISSP) with experience
- 6 - 10 years of related experience with Access Management, Security Operations, Network Security, Vulnerability Management, Compliance, or Audit Advanced understanding of information technology
- Advanced knowledge of multiple security domains and common security controls
- Expert knowledge of 2-3 security domains
- Familiarity with common hacking techniques (e.g., malware, phishing, etc.) and effective counter measures
- Adoption of security best practices and industry standards (e.g. NIST, ISO, CIS, COBIT, etc.)
- Hands-on operation of cybersecurity infrastructure (e.g., Firewalls, Intrusion Detection, AV, PKI, Encryption, etc.) and configuration experience Security Incident Response Handling Malware analysis
- Support Data and Digital Platform (DDP) and secure cloud framework Improve NIST Cybersecurity Framework (CSF) Capability Maturity Advance Mill Network Isolation and Firewall Review
- Improve Patching and Vulnerability Management Create Technical Policy, Standards, and Procedures
- Improve Logical Access Control (MFA/SSO/PW Vaulting) Data Loss Prevention and Tagging Remote Access standardization Security Operations and Incident Response
- MUST BE US CITIZEN
ResourceTek offers a competitive salary and a comprehensive benefits package. Equal Opportunity Employer.