What are the responsibilities and job description for the Cybersecurity Analyst / Engineer position at Latrobe Specialty Metals Company?
Carpenter Technology Corporation is a leading producer and distributor of premium specialty alloys, including titanium alloys, nickel and cobalt based superalloys, stainless steels, alloy steels and tool steels. Carpenter's high-performance materials and advanced process solutions are an integral part of critical applications used within the aerospace, transportation, medical and energy markets, among other markets. Building on its history of innovation, Carpenter's wrought and powder technology capabilities support a range of next-generation products and manufacturing techniques, including novel magnetic materials and additive manufacturing.
CYBERSECURITY ANALYST
Location: Reading, PA or Latrobe, PA
The Cybersecurity Analyst . . .
- Develops in-depth cloud security architecture, design and coding standards across infrastructure, application and data security
- Drives a standardized set of cloud security requirements that align with internal policies and meet external compliance/regulatory requirements
- Leads adoption of security best practices and common commercial standards for cloud computing (e.g., NIST, ISO, CIS, COBIT, OWASP, etc.)
- Advises Operations and Incident Response teams on procedures and technology necessary to protect the Cloud environment from cyber-threats and data leakage
- Collaborates with Business, Manufacturing, and IT organizations to choose appropriate cloud technology solutions and facilitates complete integration into the company enterprise environments
- Steers IT and Business teams to advance business initiatives with secure integration of Cloud and Third-party Applications
- Hardens enterprise and cloud architecture from cyber-attacks
- Advises IT teams with Identity and Access Management (IAM) including user account provisioning, password vaulting, periodic access review, PKI and encryption
- Performs risk and vulnerability assessments including network scans (e.g., Qualys, Rapid7, etc.) and application security testing (e.g., HP Fortify, IBM AppScan, etc.)
- Routinely publishes Governance, Risk, and Compliance (GRC) metrics
- Provides cloud product security related coaching and mentoring to elevate security expertise of development and operations teams.
- Performs all other duties and special projects as assigned.
Requirements for the Cybersecurity Analyst
- Bachelor of Science degree in computer science or related field
- Security certifications such as CISSP, CISA, CISM, CCSP, GCIH, GCIA, GSEC and CEH
- Vendor Certification - Microsoft Cybersecurity Architect Expert or any Microsoft Azure related certification
- Perform other duties and projects as required.
Required for the Cybersecurity Analyst position
- 8-10 years of related hands-on experience with design and operation of Microsoft Azure Cloud Computing environment (IaaS, PaaS, and SaaS)
- 5-10 years of related design and operations experience with Cloud Computing security controls including Identity and Access Management, Data Protection, Network Security, Logging, and Vulnerability Management
- Experience leading definition of secure-SDLC (system development lifecycle) and product security maturity model
- Familiarity with DevOps/Automation tools including AWS CloudFormation, Ansible, Jenkins, Git
- Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies
- Familiarity with securing container-centric deployments (Docker and Kubernetes)
- Working knowledge of common and industry standard cloud app authentication (OAuth, OpenID, SAML, etc.)
- Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.)
- Familiarity with common web-hacking techniques (e.g., SQL Injection, XSS, CSRF, malware, phishing, etc.) and effective countermeasures
- Perform cyber-threat modeling, conduct reviews of security architecture and platform/service designs
- Expert knowledge of multiple security domains and common security controls
- Hands-on operational experience with common cybersecurity infrastructure (e.g., Firewalls, Intrusion Detection, AV, MFA, PKI, Encryption, etc.)
- Security Incident Response handling
- Requires excellent written and verbal communication skills, interpersonal skills, project management skills and the ability to organize and prioritize tasks and make appropriate decisions.
- Willingness to work in a fast-paced, team-based environment with frequently changing priorities.
Carpenter Technology Company offers a competitive salary and a comprehensive benefits package including life, medical, dental, vision, flexible spending accounts, disability coverage, 401k with company contributions as well as many other options to employees.
Carpenter Technology Corporation's policy is to fully and effectively maintain a program of equal employment opportunity and nondiscrimination for all employees, to employ affirmative action for all protected classes, and to recruit and develop the best qualified persons available regardless of age, race, color, religion, sex, gender identity, sexual orientation, marital status, national origin, political affiliation or any other characteristic protected by law. The Company also will recruit, develop and provide opportunities for qualified persons with disabilities and protected veterans.