Senior Cyber Security Analyst in Mechanicsville, VA

$80K - $100K(Ladders Estimates)

Owens & Minor   •  

Mechanicsville, VA 23111

Industry: Transportation


5 - 7 years

Posted 58 days ago

This job is no longer available.


Identifies, develops and deploys global cyber security controls across the enterprise, leveraging Owens & Minor's assets, network and data to identify threats. Collaborates with IT Infrastructure Teams, supporting the end-to-end secure deployment of cyber security technologies and disciplines (antivirus, DLP, web filter and ATP, etc.).


  1. Through review, analysis and documentation of current baselines, develops target cyber security and technology postures.
  2. Performs gap analysis of the current baseline against the target architecture.
  3. Evaluates, develops and applies appropriate tools to capture, analyze and model various viewpoints of the domain architecture.
  4. Defines metrics and methodologies to measure domain performance of applying new technologies.
  5. Reviews, designs and re-engineers domain processes with new technologies to improve domain performance.
  6. Defines cyber security control requirements for the network technologies.
  7. Provides centralized IT security services to the organization, developing processes and policies to reduce associated costs
  8. Operates as a first line of defense to ensure compliance with IT requirements, including Data Loss Prevention.
  9. Provides consultation and subject matter expertise to the organization on cyber security issues
  10. Researches, engages, and manages third party vendors where relevant to support functional objectives.
  11. Provides thought leadership to the function and broader cyber security organization, driving transformational change and capability uplift across the enterprise.
  12. Collaborates with various layers of management across cyber security and other IT teams to develop solutions that protect the organization.
  13. Designs and drives the implementation of service offerings, capability uplifts, and process improvements to protect the bank for a continuously changing threat landscape.
  14. Participates in focus activities as required, including backlog reduction.


  1. Performs additional duties as directed.


  • Bachelor's Degree required; concentration in Information Systems, Computer Science, or Information Security highly preferred
  • Four (4) or more years IT Security professional experience within in a corporate role or large agency
  • Five (5) years as an IT Security Endpoint Engineer preferred
  • Global IT security experience/exposure and/or SANS certification highly preferred
  • Or any combination of education and experience to meet the above requirements


  • In depth knowledge of IT security, and of working in a heterogeneous environment of diverse applications, systems, databases, SaaS solutions, and on premise/Cloud-based security offering
  • Strong understanding of IT security and risk mitigation strategies
  • Ability to create clear and concise documentation targeted at the appropriate audience (IT executives, Internal Business Clients and technical teams)
  • Expert understanding of Active Directory / Federation Model, Multi-factor authentication, SSO, SAML, OAUTH, SSL Certificates, etc Experience with Citrix Products, VMware Products, Microsoft App-V and Microsoft Windows Registry / User Profiles
  • Demonstrated knowledge of common adversary tactics, techniques, and procedures (TTPs)
  • Intimate knowledge of the Cyber Kill Chain and other relevant network defense and intelligence frameworks
  • Experience with collecting, analyzing, and interpreting technical data from multiple sources, documenting the results and providing meaningful analysis products
  • Ability to deliver assertive, quality verbal and written communication
  • Must be capable of creating architecture and related documents for pre-existing solutions and implementations
  • Must be capable of collaborating with others regarding critical security decisions and policy and have others feel their input is being considered when decisions affect multiple teams and/or the business

Valid Through: 2019-9-16