
Senior Analyst, Information Security
Job Description
Build an Aviation Career You’re Proud Of
Build your career with integrity by working at a company that doesn’t just treat you like a number. You’ll get the tools to do things right in a clean and safe work environment and the trust to fix any issue that comes your way. Our on-the-job training and team of experts mean you’ll be set up for success.
The Sr. Security Analyst position is a critical role in the protection of StandardAero’s enterprise business and technology operations. In this role, you will be accountable for identifying weaknesses in network and security systems and implementing solutions to improve our global security posture. Your efforts will require solid communication and teamwork within the global organization. The role is an integral position in supporting StandardAero’s enterprise cyber-security defenses, providing tactical cyber security objectives and implementing the security strategy across the organization.
Locations: San Antonio, TX; Dallas, TX; Maryville, TN; or Cincinnati, OH preferred
What you’ll do:
Configure, analyze, report and address security alerts within the IT technology stack across global locations
Proactively remediate information technology security threats as the SME for the security team
Design, document and implement IT security measures and controls to meet compliance mandates
Manage, architect and implement security-specific technologies (Firewalls, IDS/IPS, Web and Email Security, SIEM, MFA, SSO, Proxies, etc.)
Anticipate security alerts, incidents and disasters in order to reduce their likelihood
Conduct risk and security assessments through vulnerability analysis, patch management and mitigation
Perform mitigation support for both internal and external security audits
Investigate, analyze and document security breaches to identify and document the root cause
Understand the Cyber Kill Chain and what defensive options are available at each step
Provide Threat Hunting support and mentoring against anomalous behavior within the enterprise
Partner with the server and network teams to remediate network and system vulnerabilities
Remediate detected vulnerabilities to maintain a high-security standard and provide guidance in remediation
Develop and document company-wide best practices for IT security
Research security enhancements and make recommendations for improved policy and process
Analyze IT requirements and provide objective advice on the use of new IT security offerings
Stay up-to-date on information technology trends and security standards
Design, implement, administer, support and maintain cybersecurity technology systems (Endpoint Protection, IDS/IPS, Web and Email Security, SIEM, Multi-Factor Authentication, Network Access Controls, DLP, etc.)
Analyze, report and respond to security alerts within the various IT technologies and global locations
Proactively remediate information technology security threats as a member of the security team
Assist in designing, documenting, architecting and implementing IT security measures and controls
Provide support through ‘Threat Hunting’ against anomalous behavior within the enterprise. Correlate activity across assets (endpoint, network, apps) and environments to identify patterns of anomalous activity
Conduct log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources
Threat mitigation; malicious code detection, response and prevention; operating system security oversight
Conduct risk and security assessments through vulnerability analysis and reporting
Investigate, analyze and document security incidents to identify and document the root cause
Provide incident response support, including mitigating actions to contain activity and facilitating forensic analysis when necessary
Partner with IT Operation teams to remediate system vulnerabilities
Participate in the production of documentation and management reporting
Stay up-to-date on information technology and cybersecurity trends and standards
Other IT Security-related duties as required
Position Requirements:
Must be authorized to work in the U.S.
Undergraduate degree required with focused curriculum on IT security, or with relevance to IT infrastructure and Security
5-7 years of IT security experience, including 3-5 years of network or system administration experience, with a proven ability to engage with Senior Management and regulators
History of planning and delivering IT Security and Compliance Projects in a Global setting
Self-directed with the ability to prioritize workload based on known deliverables
Excellent written and oral communication skills in support of policy, procedure and best practices
Some travel required
Expertise in SIEMs (Rapid7, Sentinel, etc.), endpoint protection, vulnerability management tools, and security automation.
Strong understanding of network and application security, threat actor tactics (MITRE ATT&CK), and incident response frameworks.
Familiarity with the SDLC and an understanding of application security
Containerization and DevSecOps
IaaS or AWS familiarity
Preferred Characteristics:
IT Security Certification, specifically GSEC, CISSO, CISA or CISSP and ITIL
Professional certifications such as CEH, CISSP, GSEC, GCIA, or OSCP are highly desirable.
Awareness of current security risks and cyber threats
Government contracting experience a plus
Experience working in regulated environments or with industry frameworks (e.g., NIST, ISO 27001, CIS, or CMMC) preferred.
Benefits that make life better:
Comprehensive Healthcare
401(k) with 100% company match; up to 5% vested
Paid Time Off starting on day one
Bonus opportunities
Health- & Dependent Care Flexible Spending Accounts
Short- & Long-Term Disability
Life & AD&D Insurance
Learning & Training opportunities