Description Who We Are Vigor, a Titan Company, is a values-driven, diversified industrial business operating in six locations with approximately 1,800 people in Oregon, Washington and Alaska. Built around a collection of powerful, unique assets and differentiated capabilities, Vigor excels at specialized shipbuilding, ship repair and handling important, complex projects in support of energy generation, our nation's infrastructure and national defense.
With deep respect for people and the planet, Vigor strives to be a positive, regenerative force for good - environmentally, in the lives of our employees and in the community. We have built a positive culture that honors the work we do, the workers who do it, and the world we live in.
POSITION SUMMARY: The Cybersecurity Analyst Sr. will be a member of an expanding team of security professionals, and plays a key role in monitoring, analyzing, and strengthening the organization's cybersecurity posture. This position will report to the Information Security Manager. As a Cybersecurity Analyst Sr, you will support the organization's security strategies to respond to and protect against various cybersecurity threats. In this role you will provide threat and vulnerability analysis, support security enhancements to threat detection, incident response, vulnerability management, cybersecurity awareness and assessments, and assist with other cybersecurity related initiatives.
SALARY RANGE: $109,000 - 121,000
ESSENTIAL FUNCTIONS AND MAJOR RESPONSIBILITIES: (This list is not intended to detail all aspects of the assigned work but is representative of the job's overall
responsibilities)
- Lives the Vigor Values every day.
- Actively participates in developing the goals, strategy and methodologies of Vigor's cybersecurity posture in alignment with the overall Information Security program strategy.
- Provide expertise to include analyzing, designing, developing and delivering solutions to identify, detect and mitigate cybersecurity threats.
- Assist in managing security tools and technologies, identify opportunities to improve monitoring and alerting capabilities through automation, process enhancement, and analysis.
- Perform hands on operational support of threat identification, monitoring of vulnerabilities and risks to Vigor's environments and applications. Correlate security events from various tools to identify attacks and breaches.
- Monitoring of multiple environments including deployed system agents verifying adherence to corporate policies, patching of workstation, servers and infrastructure hardware and systems.
- Monitor security alerts and logs to respond to suspicious activities or anomalies that may indicate a security incident.
- Support the Cybersecurity Incident Response (CISRT) process, investigate and respond to security events, conduct forensic analysis, tickets, reports and root cause analysis (RCA) as necessary.
- Provide analysis and insights into data supporting the effectiveness of technical and process-based cyber security controls.
- Update monthly security metrics for distribution to the leadership team.
- Support internal and external IT audits by collecting security evidence, logs, and documentation.
- Provide operational support, ensuring systems, agents, and devices are online and available which may include 24x7 on-call support rotation or as needed.
- Provide mentorship to junior cyber analysts with security tool familiarization, tool configurations and use, SIEM monitoring and alert activities, and cyber incident investigations and response.
- Performs other duties as required or assigned.
JOB SCOPE: This position operates within a security team in a dynamic environment to support numerous Cybersecurity tools, programs, and reporting requirements. Operate security monitoring and incident response toolsets with a focus on continuous improvement. Research and recommend solutions for incident response and digital forensics. Supports incident response activities during complex Cyber-attacks that threaten assets,
intellectual property, and computer systems. Supports the development and improvement of security monitoring and incident response processes and solutions to support the Cybersecurity program, as required.
SUPERVISORY RESPONSIBILITY: None
INTERPERSONAL CONTACTS: The individual communicates both verbally and written with executives, manager, Security team members, company employees, and external customers. He/she provides regular verbal and written status reports to same group. The position represents the Company through formal and informal interactions with multiple customers, vendors, subcontractors and government agencies.
KNOWLEDGE SKILLS AND ABILITIES: - Ability to multi-task in a fast-paced, diverse environment, while maintaining attention to detail and exhibiting strong leadership.
- SIEM Management: Experience configuring and reporting on SIEM tools.
- Firewall & Network Security: Strong knowledge of firewalls, IDS/IPS, and VPN security.
- Endpoint Protection & Threat Detection: Hands-on experience with EDR, anti-malware, and behavioral analytics tools.
- Data Loss Prevention (DLP): Understanding of DLP policies and implementation strategies.
- Web Application Security (WAF): Experience with WAF tools and application security best practices.
- Vulnerability Management: Proficiency in vulnerability scanning tools.
- Identity & Access Management (IAM): Experience with least privilege access, MFA, RBAC, and SSO.
- Cloud Security Knowledge: Understanding of AWS, Azure, or GCP security configurations.
- Experience with NIST SP 800-53 & 800-171 or other cybersecurity frameworks.
REQUIREMENTS: - Be a U.S. Citizen
- Ability to do local travel and out-of-town travel (including air travel) up to 10% of the time with notice
EDUCATION AND/OR EXPERIENCE: - Bachelor's degree from an accredited institution in Computer Science, Information Technology or a related discipline preferred.
- Minimum five (5) years equivalent information security experience, experience working in a Security Operations Center (SOC), or equivalent experience/specialized training that is commensurate with the assignment.
CERTIFICATES, LICENSES AND REGISTRATIONS: - Security+ or equivalent certification required. (DOD 8570 IAT/IAM lv. 2 qualifying)
- Certified Information Systems Security Professionals (CISSP) certification preferred
- GSEC - GIAC Security Essentials preferred
- CEH - Certified Ethical Hacker preferred
PHYSICAL DEMANDS: - Work is conducted in a dynamic, fast-paced office setting with moderate noise.
- They may be required to work more than 8-hour shifts and weekend work.
- There may be local travel and out-of-town travel (including air travel) up to 10% of the time with notice.
- Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
WORK ENVIRONMENT: - While in production areas, the individual will be exposed to all weather conditions, noise, dust and odors.
- Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Vigor Values Vigor expects all employees to enhance the atmosphere in which they work by living the Vigor Values every day.
Truth: We seek the truth, and we speak the truth
Responsibility: We act on what we know is right
Evolution: We seek mastery, and adapt to a changing world
Love: We care about the people we work with, and the world we live in
Vigor and its wholly owned subsidiaries are committed to inclusion and diversity by providing equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veterans, age, genetics, the presence of a physical or mental condition or disability that can be reasonably accommodated, or any other protected class under relevant laws in the locations we operate. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions and can be requested with Vigor's Human Resources Department.
In addition to federal law requirements, Vigor complies with applicable state and local laws governing nondiscrimination and non-retaliation in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, benefits, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.