Cyber Risk Analyst

Company Description

The South Carolina Ports Authority (SCPA) owns and operates public seaport and intermodal facilities in Charleston, Dillon, and Greer. Our 600+ employees handle cargo, operate and maintain cargo handling equipment, manage port facilities and operations, and support the port system in a fast-paced 24/7 environment.

Job Description

Job Summary

Works with the General Manager, Information Security, and Senior Cyber Risk Analyst to identify and help resolve highly complex issues to prevent, detect, and respond to cyber-attacks on information systems and to keep computer information systems secure from interruption of service, intellectual property theft, network viruses, data mining, financial theft, and theft of sensitive customer data, allowing business to continue as normal.

Install, configure, and manage security mechanisms that provide protection, detection, and response capabilities for networks and information systems against hackers, breaches, viruses, and spyware.

Respond to incidents, investigate violations, and recommend enhancements to plug potential security gaps.

Participate in periodic cybersecurity vulnerability assessments for the organization with assistance from external consultants.

Implement policies and procedures for antivirus software, firewalls, and other security systems to protect the organization’s digital assets. Use emergency and event response procedures for handling security breaches. 

Essential Job Responsibilities

• Become a subject matter expert for the threat and vulnerability platform.
• Contribute to roadmap development for threat and vulnerability management services.
• Contribute to critical vulnerability identification and response exercises.
• Become the early informer of critical vulnerabilities and exposures relevant to safeguarding the company's information.
• Maintain advanced knowledge of complex industry trends, current security issues, and security technology development. Provides updates to management on potential threats and risks that could impact the business/operations.
• Perform security, risk, and vulnerability assessments of wired and wireless networks, information systems, and applications.
• Work with business and application owners on security throughout the system design lifecycle.
• Contribute to IT Backup Plans, Disaster Recovery Plans, and Incident Management Plans.
• Work with IT members on day-to-day security monitoring functions, incident escalation, security systems, and applications.
• Assess and monitor IT compliance with enterprise policies, processes, and procedures.
• Analyze and evaluate security operations to identify risks or opportunities for improvement.

Additional Job Responsibilities

• Other duties as assigned- This job description in no way states or implies that these are the only duties to be performed by this employee. He or she will be required to follow any other instructions and to perform any other duties requested by his or her supervisor.

Supervisory Responsibilities

None

Qualifications

Minimum Qualifications

Education and Experience

• A Bachelor’s Degree in Computer Science or minimum 2 years working knowledge in the field of Information Technology.
• A valid South Carolina driver’s license is required to operate a Ports Authority owned licensed motor vehicle.
• Technical knowledge in logical and physical security in application, operational, facility, network and computer (server, workstation, mobile, etc.) security.
• A minimum of 2 years of hands-on, technical experience in one or more of the following areas: computer and network security; vulnerability testing; intrusion detection, prevention, correlation, and analysis; security monitoring, or computer forensic analysis.
• Possess one or more of the following unexpired credentials or certifications as a member in good standing with the parent credentialing organization: Security+, CISSP, SANS, CEH, OSCP, GPEN, ISAM/ISRM, or other relevant industry security certification within 180 days of hire date.

Skills and Abilities

• Knowledge in securing operating systems and network infrastructure.
• Knowledge in securing fundamental networking protocols: DNS, HTTP, TCP, UDP, TLS, IPSEC, 802.1x, NFS.
• Basic understanding of encryption fundamentals.
• Fundamental systems administration and deployment knowledge for operating systems, virtualization, web servers, database servers, networking devices, etc.
• Understanding of common exploitation techniques and mitigations.
• Familiarity with threat intelligence platforms and MITRE ATT&CK & D3FEND frameworks.
• Strong documentation skills.
• Strong interpersonal skills, including verbal and written communication. 
• Must possess ability to make accurate analytical decisions.

Preferred Qualifications

• Experience implementing, managing, and supporting a vulnerability management platform.
• Certified Ethical Hacking (CEH) and network penetration testing experience.
• Vulnerability assessment process and tools experience.

Ideal Candidate Interests:

• Passion for protecting national critical infrastructure and public safety
• Curiosity about emerging threats and cyber-physical systems
• Curiosity about emerging technology
• Commitment to continuous learning and professional development
   

Physical Requirements and Working Conditions

• Vision is required to analyze and process various forms and documents utilized within the framework of performing assigned tasks.
• Hearing is required to adequately perform telecommunication functions.
• Ability to verbally communicate clearly with vendors, customers, co-workers, etc.
• Ability to operate a computer keyboard and view a computer monitor screen.
• Some irregular hours of work may be necessary to perform regular assigned computer work.
• Extended hours may be required.

Additional Information

SC Ports Authority is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race; creed; color; religion; alienage or national origin; ancestry; citizenship status; age; disability or handicap; sex; pregnancy, childbirth or related medical condition; marital status; veteran status; sexual orientation; gender identity; genetic information; arrest record; or any other characteristic protected by applicable federal, state or local laws.  Our management team is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities and general treatment during employment.

All your information will be kept confidential according to EEO guidelines.