Senior Analyst - Cyber Security

at Reyes Holdings

Rosemont, IL 60018, USA

Start Date: Immediate
Expiry Date: 09 Jul, 2024
Salary: Not Specified
Posted On: 10 Apr, 2024
Experience: 4 year(s) or above
Skills: Collaborative Environment, Decision Making, Transportation, Regulatory Standards, Vendors, Network Communications, Critical Thinking, Meeting Facilitation, CISA, CISSP, Active Directory, Tenable, System Requirements, Routing Protocols, CS, Servers, Event Monitoring
Telecommute: No
Sponsor Visa: No

Description:

Overview:
Reyes Holdings is a global leader in the production and distribution of food and beverage products. Our five business units service client accounts across 43 states in the United States and 19 countries worldwide – meaning the sun never sets on Reyes Holdings. We continue as a family-owned and operated business, true to how we began in 1976. We’re known for excellence, motivated by safety, and rooted in relationships. Our top priority is our people – all 33,000+ of our employees. We’ve created a workplace where our diverse team has the ability to thrive, challenge one another to continually reach higher, and support each other on our Journey Forward together.
Responsibilities:

POSITION SUMMARY:

The Senior Analyst for Cyber Security role will leverage advanced skills to help counter the activities of cyber criminals such as hackers and developers of malicious software. It is widely accepted that the threats in cyber space are escalating while responses to mitigate them are not able to keep up. This position will focus on identifying internal and external cyber threats along with the appropriate defenses and compensating controls.

REQUIRED SKILLS AND EXPERIENCE:

  • Bachelor’s degree in engineering, CS, or other IT related field and 4+ years of experience working in a proactive hunting and analysis role OR High School Diploma and 7+ years of experience working in a proactive hunting and analysis role, in lieu of a bachelor’s degree
  • Expertise doing security event monitoring, analysis, and triage
  • Strong understanding of security principles such as attack frameworks, threat landscapes, attacker TTPs, etc.
  • Strong knowledge of network communications, routing protocols, regulatory standards and compliance requirements and common internet applications/standards
  • Must possess a willingness to learn, a positive attitude, ambition, high energy, and self-motivation
  • Strong collaboration skills - able to work in a team-oriented collaborative environment. Excellent verbal and written communication skills to interface with managers, staff, customers, and vendors at all levels within the company
  • Ability to effectively prioritize and execute tasks in a high-pressure environment
  • Strong problem-solving skills - applied skills in critical thinking and analysis, (communications) meeting facilitation, and (collaboration) interpersonal interactions
  • Strong skills for process and design documentation
  • In-depth hands-on knowledge of PCs, servers, firewalls, TCP/IP & protocols, network admin tools, intrusion detection systems, anti-virus software, Active Directory, data encryption, and other industry-standard techniques and practices
  • Working technical knowledge of current systems software, protocols, procedures, and standards
  • Travel - Occasional, based on issues, system requirements, training, etc.
  • This position must pass a post-offer background and drug test

PREFERRED SKILLS AND EXPERIENCE:

  • Strong understanding of the Vulnerability Management Lifecycle
  • Experience identifying threats in multi-cloud, medium to large enterprise environment investigations
  • Experience analyzing large volumes of structured data to isolate trends and influence remediation or decision-making
  • Experience with Vulnerability Management platforms such as Qualys, Tenable, BitSight, and RiskRecon
  • Understanding of various Risk Management Frameworks and Compliance standards
  • Relevant industry certifications such as CISSP, CCSP, CISA, CRISC, or CySa+

Physical Demands and Work Environment:

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Due to the nature of our business in regard to such things as delivery schedules, order inputs, selection, and Department of Transportation Hours of Service, overtime, attendance and punctuality are essential job functions. Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made.

Responsibilities:

  • Proactively drive cyber security threat hunting and analysis
  • Identify contemporary and emerging security threats in the domains of cyber, policing, intelligence, and terrorism, while applying critical thinking skills in conceptualizing risk and threat assessment
  • Leverage internal and external resources to research threats, vulnerabilities, and intelligence on various attackers and attack infrastructure
  • Use various platforms and other proprietary tools to identify threats, determine root cause, scope, and severity of each critical anomaly
  • Work with our Threat Intelligence feeds and solutions to identify threats, develop or recommend countermeasures, and perform advanced network and host analysis in the event of a compromise
  • Interface with RH Security and IT daily to consult with them on best security practices and help them mature their security posture
  • Understand numerous cyber defense technologies and their effectiveness against modern threats
  • Implement industry best practices for SOC/SIEM cyber security operations such as MITRE ATT&CK and NIST Cybersecurity Framework (CSF)
  • Evaluate, report, and make recommendations on the effectiveness of the organization’s cyber security controls
  • Assess the need for any security reconfigurations (minor or significant) within enterprise technologies such as network(s), Active Directory, Database Platforms, general security processes, etc., build consensus for remediation adoption, and finally facilitate execution
  • Develop and implement recommendations for tuning of IDS, proxy policy, in-line malware tools based on threat feeds, trust and reputation data, events, or vulnerabilities and exploits of downstream systems
  • Other projects and duties as assigned


REQUIREMENT SUMMARY

Min: 4.0, Max: 7.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Diploma

Lieu of a bachelor’s degree

Proficient

1

Rosemont, IL 60018, USA