Address
Form of work
SalaryHarsco Corporation is a market-leading, global provider of environmental solutions for industrial, retail and medical waste streams, and innovative equipment and technology for the rail sector. We have an unrivalled breadth of experience across the globe and an impressive reputation stretching back more than a century. Based in Camp Hill, PA, with more than 13,000 employees and the company operates in more than 30 countries.
About Harsco GSC
Harsco GSC handles a wide range of services, finance and accounting shared services, global HR shared services, providing IT Service and helpdesk support and market research support to Harsco globally. We are Operating since 2008 & Serving 30+ Countries
Job Description
Experience: 6 Years and above
This position is responsible for assisting in the day-to-day operations of Harsco’s security program, including risk analysis, vulnerability management and prevention, training, as well as awareness campaigns.
Working with various IT teams, the Security Analyst will ensure solutions are designed, developed, deployed, and managed effectively ensuring robust security and risk controls are used. The CSA leads the firm's vulnerability management program, manages the annual cybersecurity assessments and penetration tests, and researches and reports on emerging threats, to help the firm take pre-emptive risk mitigation steps.
Key Responsibilities
- Participate in optimizing Harsco’s cyber security program by applying policies, standards, and processes
- Proactively monitor, analyze, and provide guidance on security vulnerabilities and incidents to support remediation activities
- Participate in developing and maintaining documentation on cyber security operations, incident playbook and runbooks, process workflow, incident handling and response capabilities
- Participate in developing and maintaining documentation for vulnerability assessments, threat modeling and the risk remediation processes
- Collaborate and partner with IT and business stakeholders, as well as remediation teams, to respond to security incidents and manage remediation
- Research and stay abreast of and provide guidance on vulnerabilities and emerging threats
- Respond to questions and issues relating to Cybersecurity policies
- Participate in Assessing new security technologies to determine potential value for the enterprise. Perform research, testing, evaluation, and deployment of security technology and procedures.
- Be an active member of the Incident Response Team
- Manage assigned systems owned by Information Security Team
- Perform other duties as assigned
Qualifications
Preferred Qualifications
- A four-year college degree or equivalent industry training and certifications
- Six years of experience in Information security related position
- Highly motivated individual with the ability to self-start, prioritize, multi-task, and has a "can-do" attitude
- Ability to communicate and work effectively with others, harness new and different skills as well as experience
- Experience in Cyber Security, Cloud Platform Security, Risk Assessment, Network Security, IAM, Data Security and Governance.
End point and application security (Knowledge) - Action and results-oriented with the ability to overcome obstacles, able to work well under deadlines in a changing environment
- Have knowledge on cloud web security tools and analysis
- Have an in-depth understanding of OWASP testing methodology, Dynamic and Static Application Security Testing, re-engineering, automation, ASP.NET/JAVA, IDS/IPS systems, Burp Suite, Nmap, Nessus, Qualys, and Metasploit, etc.
- Ability to adjust quickly to shifting priorities, and decision-making skills with limited information
- Knowledge of current threats and best practices in the Cyber Security
Desired Qualifications
- One or more of the following certifications: CEH, CISM, CompTIA Security+, CISSP, GSEC
- Experience with managing and securing both on-premise and cloud hosted systems and applications.
- Experience with application and database security.
Minimum Qualifications
BS degree in Computer Science, Cybersecurity, or related area plus 3 years’ experience in Cyber Security, Security Monitoring and Response or in lieu of a degree, a minimum 5 years of experience in Cyber Security, Security Monitoring and Response.
- Technical knowledge of enterprise-class technologies such as firewalls, routers, switches, wireless access points, VPNs, and desktop and server operating systems
- Thorough understanding of Microsoft’s enterprise technology platform, including Azure, Active Directory, Office365, Azure Devops and the Windows server and desktop operating systems
- Proficiency with Windows PowerShell
- Strong writing skills, as well as the ability to articulate security-related concepts to a broad range of IT staff
- Working experience and managing any antivirus product like Mcafee, Windows Defender ATP
- Demonstrated experience working security and compliance frameworks such as NIST or ISO 27001
- Be a proficient problem-solver that is able to work autonomously
Additional Information
Disclaimer
The information about this job description given above has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.
