Security Specialist

T eam Elmer's, a 100% employee-owned heavy construction company, seeks a Security Specialist responsible for protecting the employees and IT infrastructure from cyber threats. The specialist analyzes and develops necessary systems, procedures, and education to eliminate or mitigate vulnerabilities. The specialist also responds to incidents efficiently and effectively.

Responsibilities :

Vulnerability Management : assess, harden, update, and upgrade IT infrastructure, appropriate to its functions and best practices; develop and maintain templates and change management procedures to ensure future systems are deployed securely; perform periodic security audits and penetration tests

Detection Engineering and Incident Response : collect, monitor, correlate, and enrich security logs from IT infrastructure to identify unauthorized and / or malicious activity; develop response plans for personnel and script responses where possible

User Administration : review user permissions and roles on all IT infrastructure, correcting them to the least required privileges; develop procedures for reviewing and approving requested role and permission changes; implement methods to detect role and permission changes during normal monitoring

Compliance : assess and modify IT infrastructure and procedures to ensure full compliance with HIPAA and PCI DSS regulations and reporting requirements

Education : compose and provide security awareness and compliance training; administer third-party education tools and lead regular testing

Security : administer physical access control and monitoring systems (doors, gates, cameras); collaborate with the Safety department on physical security measures, response plans, and incident investigation; assist in the development of business continuity and disaster response measures

The above list of job duties is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope of the position.

Qualifications :

• Strong IT skills and knowledge of hardware, software, networks, and data centers, including familiarity with :
• Containerization and server virtualization
• System backup, imaging, and deployment
• System security best practices
• Network security best practices
• Microsoft Active Directory, Entra, Intune
• Microsoft Office365 security engineering
• Microsoft GPOs and PowerShell scripting
• Strong organization, communication, and presentation skills
• Recent completion of cyber security refresher training desired

EEO / AA