It's fun to work in a company where people truly BELIEVE in what they are doing!Headquartered in Arvada, Colorado with operations and presence in Europe, the Middle East, India, Asia, Japan, and China, Sundyne is a global manufacturer of precision-engineered, highly reliable, safe, and efficient centrifugal pumps and compressors for use in chemical, petrochemical, hydrocarbon, hydrogen, pharmaceutical, power generation, and industrial applications. Sundyne is a leader in delivering precision-engineered and highly reliable pumps & compressors to many of the world's most important markets, including energy, chemical, industrial, carbon capture, clean hydrogen, and renewable fuels. Sundyne pumps and compressors are available in API, ANSI/ASME, ISO, and other industry-compliant designs. To learn more about the Sundyne family of precision-engineered pumps and compressors, please visit www.sundyne.com.
Position Description Sundyne is seeking a
Cybersecurity Analyst to be the primary driver and owner of Sundyne's entire Cybersecurity program. Responsibilities will be to assess Sundyne cybersecurity tools/controls, plan improvements, collaborate with internal and external staff on implementing improvements, and report status or progress to management.
Job Duties & Responsibilities CIS/NIST Framework- Perform ad-hoc and on-going assessments of Sundyne controls and compare to CIS/NIST Framework
- Identify gap areas or areas requiring additional improvements
- Discuss, plan, schedule, and implement changes in the Sundyne environment working with both internal staff and outsourced service providers to adhere to CIS/NIST framework
- Report to management on status, plan, schedule and future state
Vulnerability Scanning / Penetration Testing- Work with outsourced service provider to schedule and conduct vulnerability scans and penetration tests using existing tool(s)
- Review and assess findings with respective stakeholders
- Discuss, plan, schedule, and implement changes in the Sundyne environment working with both internal staff and outsourced service providers to reduce or mitigate identified vulnerabilities
- Report to management on status, plan, schedule and future state
Other Cybersecurity Assessments/Certifications/QuestionnairesAssist in conducting other cybersecurity assessments as required
- Review and/or complete various cybersecurity questionnaires on Sundyne's behalf when requested by 3rd parties
- Discuss, plan, schedule, and implement changes in the Sundyne environment working with both internal staff and outsourced service providers to reduce or mitigate identified vulnerabilities
- Report to management on status, plan, schedule and future state
- Use cybersecurity questionnaires as input into Sundyne cybersecurity program, to identify potential areas of improvement
- Create Sundyne's Cybersecurity questionnaire for completion by 3rd parties which have access to Sundyne IT or provide IT service to Sundyne
- Assist in the certification/re-certification of Cyber Essentials Plus certification (CE+)
- Develop and execute a plan towards gaining ISO27001 certification for all Sundyne sites globally
- Develop and execute a plan towards gaining ISO 9001:2015 certification for all Sundyne sites globally
Security Projects/Initiatives- Research, plan, implement, project manage security projects or initiatives in the pursuit of increased Security
- Leverage all inputs to put together a holistic cybersecurity program for the organization
Review and/or develop- Incident response plans
- Tabletop exercises
- BCP/DR Plans
- Customer Notification Plans
- Assist other IT Security team members as needed
- Phishing Simulations
- Email & web filtering
- Span and Phishing email investigations
- IPS/IDS alert investigations
- SIEM alert investigations
- Review and oversee zero-day vulnerabilities
- Review or create policies, standards and procedures related to Cybersecurity topics.
Skills & Abilities- Ability to maintain multiple projects and initiatives at the same time
- Experience communicating and collaborating with multiple audiences at different levels - Individual Contributors to C-Level Executives
- Effective written and oral communication skills
- Ability to keep calm under pressure
- Strong planning, coordination, documentation and scheduling skills
- Customer Focused with a can-do attitude
- Experience working with or overseeing international outsourced service providers
- Some knowledge/experience with Batch, PowerShell, or other scripting languages
Qualifications - Cybersecurity Certifications, one or more of the below required
- CISSP - Certified Information Systems Security Professional
- CISA - Certified Information Systems Auditor
- CompTIA Security+
- CASP - CompTIA Advanced Security Practitioner
- CEH - Certified Ethical Hacker
- CISM - Certified Information Security Manager
- SSCP - Systems Security Certified Practitioner
- GCIH - Global Information Assurance Certification Certified Incident Handler
- GSEC - Global Information Assurance Certification Security Essentials Certification
- OSCP - Offensive Security Certified Professional
- Completed Bachelor Degree in Computer Science, IT Security, Cybersecurity or equivalent required
- 7-10+ years' experience in IT with a focus on Identity Management and Security required
- Security Apps/Products, expert level in one or more of the below tools or products preferred
- Active Directory/Azure Active Directory
- Qualys
- Crowdstrike
- Colortokens
- BluSapphire
- O365 Cloud App Security
- Azure Security
- Cisco ASA
- Cisco ISE
- Meraki
- Cisco Umbrella
- Certificate based Authentication & Encryption
- Ability to showcase experience in improving cybersecurity standards across the board using CIS/NIST Framework
If you like growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!#LI-KD1#LI-RemoteIf you like growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
Compensation DetailsAnnual Salary: $110,000.00 - $135,000.00
Additional Compensation Salary Range for this position: $110k-$135k (the salary offered will be determined based on the applicant's education, experience, skills, knowledge, abilities, and will be compared with internal equity along with market data for this position).Application Deadline:2025-02-11