Lead Cybersecurity Analyst I

Carpenter Technology Corporation is a leading producer and distributor of premium specialty alloys, including titanium alloys, nickel and cobalt based superalloys, stainless steels, alloy steels and tool steels. Carpenter Technology's high-performance materials and advanced process solutions are an integral part of critical applications used within the aerospace, transportation, medical and energy markets, among other markets. Building on its history of innovation, Carpenter Technology's wrought and powder technology capabilities support a range of next-generation products and manufacturing techniques, including novel magnetic materials and additive manufacturing.

ANALYST III - CYBERSECURITY

PRIMARY RESPONSIBILITIES FOR ANALYST III - CYBERSECURITY

• Contributes as needed with Identity and Access Management (IAM) duties including user account provisioning, password vaulting, periodic access review, and encryption key management
• Assists with cyber-threat monitoring and Security Operations Center (SOC) duties.
• Perform daily security operations duties including handling service requests from Business and IT teams. Updates standard operating procedures and as-built documentation. Routinely publish performance metrics.
• Monitors key security intelligence feeds and escalates relevant risks.
• Participates in cybersecurity technology projects and lifecycle management.
• Provides security technical assistance for IT projects intended to enable or advance business initiatives.
• Supports secure integration of Cloud and Third-party Applications.
• Assists with recurring patch and vulnerability management tasks.
• Facilitates third-party penetration testing (Ethical Hacking) to confirm design and operational effectiveness of security controls.
• Guides employees with security policy (e.g., password complexity, encryption settings, etc.) and advances cybersecurity awareness campaigns (e.g., Phishing email simulations).
• Routinely publishes Governance, Risk, and Compliance (GRC) metrics.
• Examines design and operational effectiveness of security controls. Coordinates audit engagements led by Internal Audit, Regulator, or external audit firm.
• Supports assessment of internal and third-party cybersecurity risk. Examine audit reports (e.g., SOC 1, SOC 2, ISO 27001, etc.). Assist with customer inquiries about Carpenter compliance related to IT and Security.
• Perform all other duties and special projects as assigned.

REQUIRED FOR THE ANALYST III - CYBERSECURITY

• Bachelor of Science degree in computer science or related field or a combination of business-related function experience, education, or related certifications (e.g., ISC2 CISSP) with experience.
• Minimum 5 years of related experience with Access Management, Security Operations, Network Security, Vulnerability Management, Compliance, or Audit.
• Advanced understanding of information technology.
• Advance knowledge of multiple security domains and common security controls.
• Expert knowledge of 2-3 security domains.
• Familiarity with common hacking techniques (e.g., malware, phishing, etc.) and effective counter measures.
• Adoption of security best practices and industry standards (e.g. NIST, ISO, CIS, COBIT, etc.).
• Hands-on operation of cybersecurity infrastructure (e.g., Firewalls, Intrusion Detection, AV, PKI, Encryption, etc.) and configuration experience.
• Security incident Response handling.
• Malware analysis.
• Multi-task and manage demands of multiple projects, incidents, and tasks.
• Meet deadlines and manage changing priorities.
• Perform effectively both independently and in a team environment.
• Strong collaboration skills and comfortable working in a team environment.
• Manage stressful situations associated with cyber-attack.
• Influence fellow technical staff regarding security, compliance, and risk.
• Identifies opportunities for improvement and makes constructive suggestions for change.
• Perform research and communicating findings to technical and non-technical audience.

Carpenter Technology Company offers a competitive salary and a comprehensive benefits package including life, medical, dental, vision, flexible spending accounts, disability coverage, 401k with company contributions as well as many other options to employees.

Carpenter Technology Corporation's policy is to fully and effectively maintain a program of equal employment opportunity and nondiscrimination for all employees, to employ affirmative action for all protected classes, and to recruit and develop the best qualified persons available regardless of age, race, color, religion, sex, gender identity, sexual orientation, marital status, national origin, political affiliation or any other characteristic protected by law. The Company also will recruit, develop and provide opportunities for qualified persons with disabilities and protected veterans.