Job DescriptionThe
Sr. Security Analyst position is a critical role in the protection of StandardAero's enterprise business and technology operations. In this role, you will be accountable for identifying weaknesses in network and security systems and implementing solutions to improve our global security posture. Your efforts will require solid communication and teamwork within the global organization. The role is an integral position in supporting StandardAero's enterprise cyber-security defenses, providing tactical cyber security objectives and implementing the security strategy across the organization.
Locations: San Antonio, TX, Dallas, TX, Maryville, TN, or Cincinnati, OH preferred
What you'll do:- Configure, analyze, report and address security alerts within the IT technology stack across global locations
- Proactively remediate information technology security threats as the SME for the security team
- Design, document and implement IT security measures and controls to ensure compliance mandates
- Manage, architect and implement security-specific technologies (Firewalls, IDS/IPS, Web and Email Security, SIEM, MFA, SSO, Proxies, etc.)
- Anticipate security alerts, incidents and disasters in order to reduce their likelihood
- Conduct risk and security assessments through vulnerability analysis, patch management and mitigation
- Perform mitigation support for both internal and external security audits
- Investigate, analyze and document security breaches to identify and document the root cause
- Understand the Cyber Kill Chain and what defensive options are available at each step
- Provide Threat Hunting support and mentoring against anomalous behavior within the enterprise
- Partner with the server and network teams to remediate network and system vulnerabilities
- Remediate detected vulnerabilities to maintain a high-security standard and provide guidance in remediation
- Develop and document company-wide best practices for IT security
- Research security enhancements and make recommendations for improved policy and process
- Analyze IT requirements and provide objective advice on the use of new IT security offerings
- Stay up-to-date on information technology trends and security standards
- Design, implement, administer, support and maintain cybersecurity technology systems (Endpoint Protection, IDS/IPS, Web and Email Security, SIEM, Multi-Factor Authentication, Network Access Controls, DLP, etc.)
- Analyze, report and respond to security alerts within the various IT technologies and global locations
- Proactively remediate information technology security threats as a member of the security team
- Assist in the designing, documenting, architecting and implementing IT security measures and controls
- Provide support through 'Threat Hunting' against anomalous behavior within the enterprise. Correlates activity across assets (endpoint, network, apps) and environments to identify patterns of anomalous activity
- Conducts log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources
- Threat mitigation; malicious code detection, response and prevention; operating system security oversight
- Conduct risk and security assessments through vulnerability analysis and reporting
- Perform mitigation support for both internal and external security audits
- Investigate, analyze and document security incidents to identify and document the root cause
- Provides incident response support including mitigating actions to contain activity and facilitating forensics analysis when necessary
- Partner with IT Operation teams to remediate system vulnerabilities
- Participates in the production of documentation and management reporting
- Research security enhancements and make recommendations for improved policy and process
- Analyze IT requirements and provide objective advice on the use of new IT security offerings
- Stay up-to-date on information technology and cybersecurity trends and standards
- Other IT Security-related duties as required
Position Requirements:- Must be authorized to work in the U.S.
- Undergraduate degree required with focused curriculum on IT security, or with relevance to IT infrastructure and Security
- 5-7 years IT security including 3-5 years network or system administration experience with a proven ability to engage with Senior Management and regulators.
- History of planning and delivering IT Security and Compliance Projects in a Global setting
- Self-directed with the ability to prioritize workload based on known deliverables
- Excellent written and oral communication skills in support of policy, procedure and best practices
- Some travel required
- Expertise in SIEMs (Rapid7, Sentinel, etc.), endpoint protection, vulnerability management tools, and security automation.
- Strong understanding of network and application security, threat actor tactics (MITRE ATT&CK), and incident response frameworks.
- SDLC, and understand application security.
- Containerization and dev sec ops
- IaaS or AWS familiarity
Preferred Characteristics:- IT Security Certification, specifically GSEC, CISSO, CISA or CISSP and ITIL
- Professional certifications such as CEH, CISSP, GSEC, GCIA, or OSCP are highly desirable.
- Awareness of current security risks and cyber threats
- Government contracting experience a plus
- Experience working in regulated environments or with industry frameworks (e.g., NIST, ISO 27001, CIS, or CMMC) preferred.
Benefits that make life better:- Comprehensive Healthcare
- 401(k) with 100% company match; up to 5% vested
- Paid Time Off starting on day one
- Bonus opportunities
- Health- & Dependent Care Flexible Spending Accounts
- Short- & Long-Term Disability
- Life & AD&D Insurance
- Learning & Training opportunities
