IT Cyber Security Engineer

Company Description

Founded in 1948, Norco is headquartered in Boise, Idaho and has more than 70 branches in Idaho, Montana, Oregon, Nevada, Washington, Utah and Wyoming. As a family and employee owned company we operate the nation's largest independent gas manufacturer/distributor of welding, safety, medical equipment and supplies. Norco is proud to be among the thousands of privately-owned businesses nationwide that offer their employees a meaningful stake in the business through employee stock ownership (ESOP).

At Norco we share a common mission: "Serving You Better." Treating customers, suppliers and each other with respect and dignity is our top priority. We work hard every day to serve others and create rich lives for our employees, their families, and the communities where we work and live.

Job Description

Norco is currently seeking an individual to fill our IT Cyber Security Engineer position. The Cyber-Security Engineer position is primarily responsible for monitoring and responding to cyber security threats to the Norco Network and systems in concert with our MDR (Managed Detection and Response) providers. The role also involves researching IT trends, keeping business continuity plans and procedures up to date, reviewing suspicious activities, respond to security breaches or incidents, and education of Norco staff on security measures, procedures, and policies. The Cyber Security Engineer will work closely with other IT professionals implementing threat protection and security controls within the entire organization. Other responsibilities include, but are not limited to:

• Monitor and coordinate responses to cyber security threats with MDR partner.
• Design, implement and maintain security measures to protect systems, network and data
• Monitor and analyze network traffic for security concerns and vulnerabilities
• Conduct regular security assessments and vulnerability scans.
• Develop, edit, and enforce security policies, procedures and standards.
• Stay up to date with the latest security trends, threats and technology solutions.
• Train employees in security awareness and emerging technologies in respect to cyber security.
• Support implementations and projects to cyber security requirements.
• Act as a trusted cyber security advisor for the business in a quickly changing environment. 
• Facilitate multiple stakeholders to agree on appropriate solutions and verify that security risks are mitigated appropriately. Verify that required security controls are baked into new products. 
• Identify system limitations that could lead to regulatory risks and provide guidance for resolution and risk mitigation. 
• Carry out risk assessments and gap analysis of multi-networks and cloud environments using compliance standards and frameworks such as PCI DSS, ISO, HIPAA, and NIST
• Manage the overall efforts of the team to plan for, prioritize and implement corrective actions to resolve the findings in audits.
• Follow Safe work practices in performance of all duties and follow the company’s safety policies daily.
• Stay informed of and adhere to company policies and procedures
• Work well with team
• Perform other tasks as assigned or needed

Qualifications

• Bachelor’s degree in computer science, Information Systems or related field; or minimum 7 years of information system work experience
• Cyber security certification a plus
• Advanced IT knowledge of computer networks, operating systems, software, hardware, and information security, especially involving Microsoft technologies including Azure.
• Excellent understanding of cyber security risks and exploits associated with various commonly used technologies and platforms
• Excellent working knowledge of security technologies and solutions including network and application firewalls, host intrusion prevention, data loss prevention, etc.
• Basic understanding of information security testing including penetration testing, and other security evaluation techniques using a wide range of security testing tools.
• Knowledge of Active Directory, DNS, PKI, SAML, TLS.
• Experience securing and working within large scale, multi-site networks.
• Experience with secure remote access/WAN technologies (IPsec, VPN, etc.).
• Experience deploying web application firewalls.
• Experience installing security controls- for example WAFs (web application firewall). 
• Basic familiarity with most common exploited CVEs and remediation methods
• Strong knowledge of security topics including network and application security, infrastructure hardening, security baselines, and web server / database security. 
• Knowledge of network-based and system-level attacks and mitigation methods

Additional Information

Norco offers a competitive compensation/benefit package, including:

• Employee Stock Ownership Plan (ESOP)
• Health, Vision and Dental Insurance
• Health Savings Account (HSA) 
• Medical and Dependent Care Flex Accounts (FSA)
• Life Insurance provided at no cost to employee by Norco 
• Supplemental Accident, Disease, and Life Insurance options
• Employee Tuition Reimbursement
• 401(k) with Employer Matching
• Wellness Program
• Employee Discount on products sold by Norco

Norco, Inc is an Equal Opportunity/Affirmative Action Employer
Norco provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Norco, Inc is a Drug-Free workplace.