Vulnerability Management Analyst - OT (Remote Opportunity)

Company: Smithfield Foods
Location: Smithfield
Posted on: September 19, 2023

Job Description:

Your OpportunityAs a member of the Critical Security Incident Response Team, the VM Analyst will collaborate with the incident commander to facilitate efficient and swift responses, aiming to mitigate the impact of cyber events on business operations and uphold the confidentiality, availability, and integrity of data. Achieving success in this role necessitates adept cross-team and cross-discipline collaboration, skillfully evaluating risk in relation to business operations' impact, and a solid track record of technical cybersecurity expertise in a fast-paced and growing organization. The VM Analyst - Operational Technologies performs as a highly motivated and experienced Cybersecurity Vulnerability Management (VM) Analyst to support various programs and strategic initiatives within the company. This role conducts vulnerabilities assessments that may present a risk to the confidentiality, availability and integrity of IT and OT assets and operations, then categorizes and prioritizes vulnerability risk findings to provide guidance for remediation to support teams and business stakeholders. Salary Range $66,000 - $96,250 Core Responsibilities
Regularly meets with the Director of Cybersecurity and the Security Operations Team to review threat activity, adversary tactics, targeted vulnerabilities, and exposure risks.
Works closely with other cybersecurity staff to develop, test, and implement new cybersecurity software and services. Assist in the development of a support model, standard operating procedures.
Administers security solutions that scan and detect vulnerabilities within IT assets, applications, cloud services and third-party service providers.
Performs comprehensive security testing and threat path analysis of networks, systems, cloud-based platforms, and virtualization systems.
Proactively assesses the program's effectiveness by continuously monitoring compliance with baseline, patching, and application security requirements and standards.
Conducts recurring scanning for enterprise assets, report discovered vulnerabilities, and assist with mitigation strategies for vulnerabilities that cannot be corrected (zero day).
Collaborates with system owners and support teams to analyze and evaluate mitigation strategies, offering guidance and assistance in enhancing strategies when necessary.
Maintains technical expertise, relevant industry standards, and best practices as assigned in cybersecurity technologies such as:
Operational Technologies (OT) such as HMIs and PLCs.
Network, Server, Virtual systems, and cloud security hardening.
Cloud deployment and security models including public, community, private, and hybrid.
Cloud service delivery models including infrastructure-, platform and software-as-a-service.
Email threat protection.
Penetration testing.
Configuration Management
Maintains awareness of latest cybersecurity risks and threat actor tactics, techniques, and procedures (TTPs).
Continuously promotes security awareness within the organization in support of the Behavior Management Program.
Acts as a technical point of contact for escalations and troubleshooting of security issues.
Plays an active role in enhancing and developing incident response playbooks to align with the dynamic threat landscape.
Participates in security audits and security capability assessments.
Participates in a rotating emergency on-call as well as respond to Critical Incident Response Team activations.
Responsible for meeting KPIs and KRIs and adapt to changes in the threat landscape.
Collaborates with other cybersecurity engineers and analysts in the IT and OT organizations to manage security threats and response capabilities.
Uses a threat-based, intelligence-led approach to Vulnerability Management and remediation to reduce cyber-risk to the organization.
Serves as a key advisor to the Director of Cybersecurity, BISO and Manager of Cybersecurity Operations.
Develops specific security and risk recommendations for improvement and alignment to overall Smithfield and Information Security and Risk goals.
Ensures the historic risks are managed, understood, and used in future decisions and maintain flexibility in team to adapt to evolving risk landscapes.
Participates in cybersecurity team efforts as they relate to the information security program and incident response.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. May perform other duties as assigned. QualificationsTo perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals to perform the essential functions .
Bachelor's degree from an accredited four-year college or university in Computer Science, Cybersecurity, Information Systems, or a related field and 2 years Information Security, Vulnerability Management or Operational Technology experience or relevant experience; or an equivalent combination of education and experience, required.
Active industry certification such as, CISSP, GCIH, CCSP, GCIA or similar preferred.
Experience with "defense-in-depth" and "defense-in-breadth" principles and technology.
Knowledge of industrial network protocols and devices.
Understanding of frameworks such as PCI, SOX, SOC 2, HIPAA, GLBA, NIST CSF, NIST SP-800, MITRE, ISO 27001
Experience with Enterprise level Vulnerability/Pen-Test solutions.
Strong familiarity with OWASP TOP 10 vulnerabilities, SANS 25, MITRE and CWEs.
Experience working in a multinational company with complex integrated environments in Information Technology (IT). Experience in Operations Technology (OT) desired.
Self-driven, autonomous and can contribute to the strategy and roadmap of the cybersecurity team.
Ability to handle proprietary and sensitive information in a confidential manner.
Proven ability to work effectively as a remote individual contributor as well as in a team environment.
Demonstrated flexibility, organization, and ability to execute multiple tasks efficiently and effectively.
Ability to communicate effectively across all levels of the organization, including the delivery and explanation of complex security-related concepts into clear, concise, and understandable terms.
Excellent written and verbal communication skills.
Ability to leverage industry best practices and previous experiences while remaining creative, inquisitive, and innovative.
Solid critical thinking and analytical skills, experience solving practical issues, and engaging cross functional teams of multiple process partners to gain consensus.
Ability to be respectful, approachable and team oriented while building strong working relationships and a positive work.
Work Environment
Occasionally required to stand; walk; and reach with hands and arms.
Regularly required to talk and hear.
Frequently required to sit and use hands to finger, handle, or feel.
Occasionally required to lift and/or move up to 25 pounds.
Specific vision abilities required by this job include close vision.
Occasionally required to work in wet or humid conditions (non-weather); work near moving mechanical parts; fumes or airborne particles.
Noise level in the work environment is usually moderate.
Although most of the work will be performed in an office environment, must be able to visit and work in a plant, warehouse, distribution center or other manufacturing facility.
Career BenefitsTo learn more about Smithfield's benefits, visit smithfieldfoods.com/careerbenefits.Why Work at Smithfield Foods? We are committed to meeting our employees' needs, addressing their concerns and helping them enjoy rewarding careers with our company. PEOPLE MATTERWith more than 60,000 jobs globally, our employees drive our success. We strive to create a fair, ethical and rewarding work environment.GROWTH & DEVELOPMENTWorking at Smithfield isn't just a job - it's the foundation for a lifelong career with training designed to help you advance professionally.BENEFITSOur people matter. That's why we offer excellent, comprehensive benefits packages to our full-time employees.SUSTAINABILITY PLEDGESustainability is ingrained in our culture and guides how we operate. We believe in innovating for the future.About Smithfield Foods Headquartered in Smithfield, Va. since 1936, Smithfield Foods, Inc. is an American food company with agricultural roots and a global reach. With more than 60,000 jobs globally, we are dedicated to producing "Good food. Responsibly--" and serve as one of the world's leading vertically integrated protein companies. We have pioneered sustainability standards for more than two decades, including our industry-leading commitments to become carbon negative in U.S. company-owned operations and reduce GHG emissions 30 percent across our entire U.S. value chain by 2030. We believe in the power of protein to end food insecurity and have donated hundreds of millions of food servings to our communities. Smithfield boasts a portfolio of high-quality iconic brands, such as Smithfield -- , Eckrich -- and Nathan's Famous -- , among many others. For more information connect with us on Facebook, Twitter, LinkedIn and Instagram. EEO/AA Information Smithfield is an equal opportunity employer committed to workplace diversity. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, protected veterans status, status as a disabled individual or any other protected group status or non-job characteristic as directed by law.

Keywords: Smithfield Foods, Suffolk , Vulnerability Management Analyst - OT (Remote Opportunity), Executive , Smithfield, Virginia