Carpenter Technology Corporation is a leading producer and distributor of premium specialty alloys, including titanium alloys, nickel and cobalt based superalloys, stainless steels, alloy steels and tool steels. Carpenter’s high-performance materials and advanced process solutions are an integral part of critical applications used within the aerospace, transportation, medical and energy markets, among other markets. Building on its history of innovation, Carpenter’s wrought and powder technology capabilities support a range of next-generation products and manufacturing techniques, including novel magnetic materials and additive manufacturing.
ANALYST IV - CYBERSECURITY
THE ANALYST IV – CYBERSECURITY WILL . . .
Leads complex Cybersecurity technology projects and lifecycle management. Collaborates with Cybersecurity and IT teams to keep Cybersecurity infrastructure in optimal ready state.Lead next generation Network Security deployments, process improvements, and services inherent to the technology. (Firewall, VPN, ACLs, Instruction Prevention, Malware Detection, Threat Intelligence, Micro-segmentation, etc.)Hands-on, technical implementation and operation of modern Cybersecurity and Cloud system security controls.Performs advanced cyber-threat analysis, initial risk assessment, and forensic examinationCollaborates with Cybersecurity and IT teams to keep cybersecurity infrastructure in ready state. Administers security infrastructure including intrusion detection, data loss prevention, anti-virus, network and web application firewalls, VPN, web access filters, and encryption. Creates/updates standard operating procedures and as-built documentation. Routinely publish performance metrics.Evaluates key security intelligence feeds, assesses risk, and recommends actions for security control improvementsGuides design of technical and procedural security controlsProvides security and compliance guidance for IT projects intended to enable or advance business initiativesSteers IT and Business teams with secure integration of Cloud and Third-party ApplicationsAdvises IT teams regarding patch notifications, initial risk assessment, eligible systems, and deployment requirementsPerforms vulnerability assessments including network scans (e.g., Qualys, Rapid 7, etc.) and application security testing (e.g., HP Fortify, IBM AppScan, etc.)Performs periodic penetration testing (Ethical Hacking) and consults management on risk treatment plansGuides employees with security policy (e.g., password complexity, encryption settings, etc.) and advances cybersecurity awareness campaigns (e.g, Phishing email simulations). Routinely publishes Governance, Risk, and Compliance (GRC) metrics.Examines design and operational effectiveness of security controls. Coordinates audit engagements led by Internal Audit, Regulator, or external audit firm.Performs assessment of internal and third-party cybersecurity risk. Examines audit reports (e.g., SOC 1, SOC 2, ISO 27001, etc.). Prepares responses to customer inquiries about Carpenter compliance related to IT and Security.Perform all other duties and special projects as assigned.REQUIREMENTS FOR THE ANALYST IV - CYBERSECURITY
Bachelor of Science degree in computer science or related fieldSecurity certifications such as CISSP, CISA, CISM, CCSP, GCIH, GCIA, GSEC and CEHMinimum 7 years of related experience with Access Management, Security Operations, Network Security, Vulnerability Management, Compliance, or AuditExpert understanding of information technologyExpert knowledge of multiple security domains and common security controlsExpert knowledge of 3-6 security domainsFamiliarity with common hacking techniques (e.g., malware, phishing, etc.) and effective counter measuresAdoption of security best practices and industry standards (e.g. NIST, ISO, CIS, COBIT, OWASP, etc.)Hands-on operation of cybersecurity infrastructure (e.g., Firewalls, Intrusion Detection, AV, PKI, Encryption, etc.) and configuration experienceSecurity Incident Response handlingMalware analysisStrong collaboration skills and comfortable working in a team environmentManage stressful situations associated with cyber-attackInfluence fellow technical staff regarding security, compliance, and riskIdentifies opportunities for improvement and makes constructive suggestions for changePerform research and communicating findings to technical and non-technical audienceCarpenter Technology Company offers a competitive salary and a comprehensive benefits package including life, medical, dental, vision, flexible spending accounts, disability coverage, 401k with company contributions as well as many other options to employees.
Carpenter Technology Corporation’s policy is to fully and effectively maintain a program of equal employment opportunity and nondiscrimination for all employees, to employ affirmative action for all protected classes, and to recruit and develop the best qualified persons available regardless of age, race, color, religion, sex, gender identity, sexual orientation, marital status, national origin, political affiliation or any other characteristic protected by law. The Company also will recruit, develop and provide opportunities for qualified persons with disabilities and protected veterans.