Job Purpose
The Cyber Security Engineer reports to the Cyber Security Manager and is responsible for driving security posture improvements and ensuring effective delivery of security functions like security incident detection and response to support Enviva’s mission and objectives. This newly created position will be part of a high performing team and assist the Cyber Security Manager in executing the Enviva Cyber Security strategy and road map to protect Enviva’s assets from security threats.
A successful candidate will be a resourceful self-starter capable of owning security solutions and platforms and the incident detection and response function end-to-end and will work closely with the Cyber Security Manager, a peer Cyber Security Engineer and other IT towers to support corporate objectives and planned projects.
Responsibilities
- Advance the Cyber road map and contribute to identification, prioritization, and implementation of security posture improvements.
- Maintain and optimize security software and tools.
- Troubleshoot outages, service degradation or general connectivity issues attributed to security devices or policy and propose and implement corrective solutions.
- Evaluate capabilities and effectiveness of control environment and its individual controls and platforms, recommend required enhancements to the Cyber Security Manager, and implement proposed enhancements and improvements within planned timelines and budget.
- Liaise with the Managed Detection and Response (MDR) services provider and ensure quality delivery through reporting and governance.
- Respond to and investigate potential and confirmed security incidents, lead response efforts, lessons learned, and implementation of proposed security improvements.
- Work with members of IT, application and system owners, and the business when required to remediate systems and applications with detected vulnerabilities.
- Work closely with peers in the Infrastructure and Enterprise Applications teams to ensure IT solutions are designed and deployed with security in mind. This involves participating in change management, ad hoc architectural reviews, and tech product assessments.
- Consult with lines of business to guide security best practices and offer solutions when the need arises.
- Lead the threat and vulnerability management function leveraging vulnerability management tools, establishing and implementing process, and measuring compliance through reporting to management and stakeholders like application owners.
- Support Cyber Security Manager’s executive reporting responsibility by providing metrics, incident details and trends, and solid analysis to present point-in-time security posture, program health, and progress of security initiatives and improvements.
- Partner with Corporate Communications team to apprise user community of potentially impacting security enhancements or changes.
Qualifications
- A bachelor’s degree in Information Technology, Information Systems, Engineering, or a related technical field. Additional “on the job” experience in IT and cyber security may be substituted at hiring manager’s discretion.
- Industry certifications, or demonstrated extracurricular participation in one or multiple security domains are required.
- Minimum 10 years of experience in IT.
- Minimum 5 years of experience in IT Security.
- Candidate must demonstrate hands-on experience in the below areas:
- M365 Security
- Endpoint Protection
- Identity Governance and Identity Administration (IGA)
- Zero trust principles and application.
- A diverse technical skill set with the desire to stay “up to speed” with the changing threat landscape, trends, and security solutions on the market.
- Demonstrated knowledge of tactics, techniques, and procedures (TTP’s) commonly used by threat actors and indicators of compromise (IoC’s).
- Awareness of cyber attack models- MITRE Att&ck, Cyber Kill Chain and how these translate to defense planning.
- Solid understanding of security in platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS).
- Ability to quickly assess risk impact from environment changes like implementation of new solutions or software, network design change or integration, and modification of system features.
- Motivation and drive to continually “survey” the threat landscape and seek out optimization opportunities to improve effectiveness of controls.
- Willingness to learn the design and operation of the greater tech stack and enterprise shared services to recognize opportunities for optimization, understand the impact of implementing prevention, and contribute to project planning.
- Ability to maintain a people, process, technology view through design, build, and run phases of service and solution delivery.
- Ability to handle multiple tasks, prioritize and meet deadlines.
- Familiarity with regulatory and legal obligations:
- Understanding of IT Security frameworks:
- Excellent written and verbal communication skills.
- Able to lead or participate in Cyber Security incident response and investigations.
- Relevant experience in manufacturing, industrial, or energy industries recommended.
Preferred Qualifications - What Will Set You Apart
- Desired Certifications (or equivalent demonstrable experience):
- One of the below:
- CEH
- CISSP
- CompTIA Security+
- Plus one or more vendor specific certs:
- Microsoft (preferred)
- NextGen firewall/UTM vendor cert (e.g., Fortinet, Palo Alto)
- SANS certification demonstrating specialized knowledge within a security domain.
- Knowledge of PowerShell.
Working conditions
Normal office hours – however, could be longer hours when business requires. This position will assume a shared responsibility of ensuring applications are available 24x7x365.
Physical requirements
N/A
Travel requirements
Up to 25% domestic travel to Enviva facilities. Occasional international travel may be required depending on future business needs.
EEO Statement
Enviva is dedicated to the principles of equal employment opportunity (EEO) in any term, condition or privilege of employment. Enviva does not discriminate against applicants or employees on the basis of race, color, creed, religion, sex, national origin, age, physical or mental disability, ancestry, marital status, sexual orientation, gender identity or expression, veteran status, uniform service member, genetic information or any other status protected by law. Enviva complies with applicable state and local laws governing nondiscrimination in employment in every location in which we operate.
#J-18808-Ljbffr