Share this Job

Analyst, Cybersecurity

Date: Feb 5, 2021

Location: Melville, NY, US

Company: MSC Industrial Supply

Built to Make You Better.
Serving customer and community starts with the very best people doing their very best work. That is precisely what we have here at MSC. If you are inspired to learn, expand your circle, take risks, and succeed as a team, you can build a better career at MSC.

Requisition ID : 6263

Employment Type : Fulltime     

Job Category : Information technology                                         

Work Location : Melville, NY or Davidson, NC

State or Province : New York or NC   

Potential Work Location : Melville, NY, Davidson, NC, this can be Remote

 

BRIEF POSITION SUMMARY:

At MSC, our purpose is to make all our stakeholders better: our associates, customers, owners and suppliers. For our associates, this means helping them achieve their individual potential and greater success. By expanding our technological capabilities, driving innovation and improving our sales effectiveness, we have repositioned the company as a mission-critical partner for our customers. We help our customers improve productivity and achieve cost savings by solving their most complex inventory management and operational challenges to improve their growth, efficiency and profitability. If you are inspired to learn, expand your circle, take risks, and succeed as a team, you can build a better
career at MSC.

 

The Cybersecurity Analyst is an important member of the MSC IT Cybersecurity team who protects our IT systems from a range of criminal activity, keeping our Customer, Associate, and Corporate information and systems safe.

 

In this position you will perform two core functions for the enterprise. The first is the day-to-day utilization of the in-place security solutions while the second is the involvement in the implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines, and procedures as well as conducting vulnerability audits and assessments. The Cybersecurity Analyst is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals.

 

MSC is in process of rolling out cyber security risk management solutions.

DUTIES and RESPONSIBILITIES:

Strategy & Planning

  • Design and conduct cybersecurity risk assessments for new vendors and new projects
  • Design enterprise security architectures for new solutions and enhancements to existing solutions, under the direction of an IT Security Manager, where appropriate.
  • Create enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of an IT Security Manager, where appropriate.
  • Create solutions that align enterprise security architecture frameworks and standards (e.g. PCI, NIST 800-53, and NIST 800-171) with overall business and security strategy.
  • Participate in the planning and design of an enterprise business continuity plan and disaster recovery plan, under the direction of an IT Security Manager, where appropriate.

 

Acquisition & Deployment

  • Maintain up-to-date detailed knowledge of the cybersecurity risk evaluation, risk mitigation, and risk management techniques.
  • Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
  • Recommend, document, and participate in the implementation of additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
  • Provide input on security requirements to be included in request for proposals (RFPs), statements of work (SOWs), and other procurement documents.

 

Operational Management

  • Review and recommend adjustments to baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e., security tools) or not (e.g., workstations, servers, network devices).
  • Conduct investigations and provide on-call support into problematic situations where appropriate.
  • Review logs and reports of all in-place devices as necessary, whether they be under direct control (i.e., security tools) or not (e.g., workstations, servers, network devices). Interpret the implications of that activity and devise plans for appropriate resolution.
  • Participate in the design and execution of vulnerability assessments, penetration tests, and security audits.

EDUCATION and EXPERIENCE:

  • Bachelor’s degree in Computer Science, Cybersecurity and/or two years equivalent work experience.
  • One or more of the following certifications would also be beneficial:
  • CompTIA Security+
  • GIAC Information Security Fundamentals
  • Microsoft Certified Systems Administrator: Security
  • Associate of (ISC)2

TECHNICAL SKILLS:

  • Understanding of risk management processes and conducting risk assessments.
  • Understanding on working with and securing Windows, Linux, Unix, and i5/OS operating systems.
  • Proven analytical and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Good written, oral, and interpersonal communication skills.
  • Ability to conduct research into IT security issues and products as required.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Highly self-motivated and directed.
  • Keen attention to detail.
  • Team-oriented and skilled in working within a collaborative environment.
  • Hands-on experience through coursework or internship

COMPETENCIES:

  • Knowledge of cybersecurity designs for systems, networks, and defense in depth security requirements or requirements for processing multiple classification levels of data.
  • Knowledge of Microsoft active Directory security concepts and implementation patterns
  • Knowledge of computer networking concepts and protocols (e.g. TCP/IP, DNS) and network security methodologies.
  • Knowledge of capabilities and applications of network equipment including routers, switches, servers, transmission media, and related hardware.
  • Knowledge of application firewall concepts and functions (e.g. single point of authentication enforcement, data anonymization, DLP scanning, SSL security).
  • Knowledge of remote access technology concepts.
  • Knowledge of Federated Identity Access Management (IAM), (e.g. public key infrastructure, Oauth, OpenID, SAML, SPML), including Customer Identity Access Management (CIAM).
  • Knowledge of OWASP top 10 Application Security Risks and ability to guide developers on remediation measures.
  • An understanding of how to secure, eCommerce, Microsoft Azure, Google Cloud Platform, and AWS cloud solutions.
  • Familiarity with securing SAP Cloud platform, Salesforce.com, Callidus, and SuccessFactors.

OTHER REQUIREMENTS:

  • 40-hour work from home with on-call availability as needed. 
  • Will be required to visit an MSC office as necessary for department functions and to meet job requirements.
  • A valid driver’s license and the ability to travel up to 10% of the time are required.
  • Sitting for extended periods of time.
  • Sufficient dexterity of hands and fingers to efficiently operate a computer keyboard, mouse, and other computer components.
  • Lifting and transporting of moderately heavy objects, such as computers and peripherals.
  •       Ethical hacking experience a plus

Equal Opportunity Statement 
At MSC, we are committed to providing an environment of mutual respect where equal employment opportunities are available to all qualified applicants and our associates without regard to race, color, religion, age, sex, national origin, disability, protected veteran status, sexual orientation, gender identity/expression or any category protected by applicable law. 


Nearest Major Market: Long Island
Nearest Secondary Market: New York CIty