IT Security Analyst in Garner, NC at Butterball

Date Posted: 6/26/2021

Job Snapshot

Job Description

Position Purpose

The IT Security Analyst provides support for a variety of operational and consultative functions.  The IT Security Analyst helps design, implement, manage, and monitor security controls to protect the confidentiality, integrity, and availability of the organization’s information assets in accordance with legal, regulatory, and institutional requirements. The IT Security Analyst also acts as a subject matter expert in relevant domains of knowledge, and will work in collaboration with all plant, office, and management staff.

 

Responsibilities/Duties/Functions/Tasks

This position may include the following duties and responsibilities:

  • Conduct risk assessments, external and internal vulnerability scans, and assist with penetration tests to identify security risks, and report on findings to system owners and management.
  • Using output from risk assessments and requirements analysis, assist system, application, and data owners/managers with selecting security controls and documenting system security plans and policies.
  • Review existing security plans and policies with system, application, and data owners/managers to ensure that controls are properly implemented, and to proactively identify any gaps that may result in non-compliance with regulatory requirements.
  • Use professional judgment and institutional knowledge to assess risk levels, conduct forensic investigations, provide guidance on remediation planning, and prioritize remediation efforts.
  • Experience writing policies, procedures & standards .
  • Experience defining, implementing and facilitating an Incident Response procedure
  • Help establish, measure, monitor, refine and communicate Key Performance Indicators (KPI's).
  • Work with vendors and consulting relationships to ensure service level agreements are established and met.
  • Assist with development and deliver security awareness training for the organization’s staff.
  • Respond to relevant service requests received from end users.
  • Monitor computer networks for security issues.
  • Investigate and remediate security breaches and other cybersecurity incidents.
  • Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
  • Document security breaches and assess the damage they cause.
  • Work with all IT teams to perform tests and uncover network vulnerabilities.
  • Documents and fix detected vulnerabilities to maintain a high-security standard.
  • Stay current on IT security trends and news.
  • Ability to help team members learn new skills.
  • Develop company-wide best practices for IT security.
  • Help colleagues install security software and understand information security management.
  • Research security enhancements and make recommendations to management.
  • Work within the IT Management System and contribute to its continuous improvement.
  • Participate and sometime lead in other activities necessary to support the information security program.
  • Be able to clearly document team processes and workflows. Look for opportunities to improve and streamline these workflows for efficiencies.
  • Help foster a collaborative environment throughout the organization with other groups and departments and encourage a mindset of collaboration and participation.
  • Functional knowledge of project management fundamentals, able to coach and guide IT Security Project Managers on successful project management techniques. 
  • Performs other related duties incidental to the work described herein.

Qualifications

  • Bachelor’s degree or equivalent experience in a related technical field
  • Minimum of 3-5 years’ experience in information security or related field .
  • Experience with computer network penetration testing and techniques
  • Hands on technical leader
  • Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.
  • Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
  • Understanding of patch management while understanding business impact.
  • Must have a working knowledge of the following information security practices, standards, and systems:
    • Encryption technologies and standards
    • CIS Critical Security Control implementation
    • Endpoint security software
    • SAP ECC security (Rights, identifiers and profile development)
    • Governance, Risk, and Compliance (GRC) systems
    • Identity and Access Management (IAM)
    • Incident response practices
    • Network security (e.g. firewalls, IDS/IPS, VPN, etc…)
    • Risk assessment practices
    • Security Information Event Management (SIEM) systems
    • Vulnerability management practices and scanning tools
  • Must have a working knowledge of at least one of the following regulatory compliance requirements and IT management frameworks:
    • SOC
    • ITIL
    • NIST SP800-53 and related standards
    • CIS Critical Security Controls
  • The ideal candidate will have demonstrated the following characteristics through past professional and educational experiences:
    • A broad understanding of multiple IT disciplines and technologies
    • Learn SAP Security Weaver tool
    • Strong focus on customer satisfaction
    • Strong written and oral communication skills
    • Strong critical thinking, analytical, and problem solving skills
    • Able to troubleshoot problems in complex technical environments
    • Able to work independently or as part of a team as necessary
    • Able to effectively prioritize tasks with competing deadlines
    • Able to maintain a positive attitude in challenging circumstances
    • Self-starter who is able to work with minimal direction
    • Able to work effectively across multiple technical disciplines
    • Strong interpersonal skills and the ability to build relationships with colleagues, customers, vendors, and other third parties

Preferences

  • An information security industry certification (e.g. CISSP, CISM, CISA, CEH, or equivalent).
  • A technical or management certification (e.g.CCNP, CCIE, or PMP).
  • Experience with SAP's role-based security concepts.
  • Experience with SCCM, Tenable, KnowBe4, Splunk, CMG, Cisco Security Suite.

Not Ready to Apply?

If you’re interested in career opportunities, but not ready to apply, join our Talent Network to stay connected to us and receive updates on the latest job opportunities and company news.