Sundyne
IT Cybersecurity Analyst
Sundyne, Arvada, Colorado, United States, 80004
It's fun to work in a company where people truly BELIEVE in what they are doing!
Headquartered in Arvada, Colorado with operations and presence in Europe, the Middle East, India, Asia, Japan, and China, Sundyne is a global manufacturer of precision-engineered, highly reliable, safe, and efficient centrifugal pumps and compressors for use in chemical, petrochemical, hydrocarbon, hydrogen, pharmaceutical, power generation, and industrial applications. Sundyne is a leader in delivering precision-engineered and highly reliable pumps & compressors to many of the world's most important markets, including energy, chemical, industrial, carbon capture, clean hydrogen, and renewable fuels. Sundyne pumps and compressors are available in API, ANSI/ASME, ISO, and other industry-compliant designs. To learn more about the Sundyne family of precision-engineered pumps and compressors, please visit www.sundyne.com.
***Note this is a full-time and on-site role at our Arvada, CO facility***
Position Description
Sundyne is seeking a
Cybersecurity Analyst
to be the primary driver and owner of Sundyne's entire Cybersecurity program. Responsibilities will be to assess Sundyne cybersecurity tools/controls, plan improvements, collaborate with internal and external staff on implementing improvements, and report status or progress to management.
Job Duties & Responsibilities
CIS/NIST Framework
Perform ad-hoc and on-going assessments of Sundyne controls and compare to CIS/NIST FrameworkIdentify gap areas or areas requiring additional improvementsDiscuss, plan, schedule, and implement changes in the Sundyne environment working with both internal staff and outsourced service providers to adhere to CIS/NIST frameworkReport to management on status, plan, schedule and future stateVulnerability Scanning / Penetration Testing
Work with outsourced service provider to schedule and conduct vulnerability scans and penetration tests using existing tool(s)Review and assess findings with respective stakeholdersDiscuss, plan, schedule, and implement changes in the Sundyne environment working with both internal staff and outsourced service providers to reduce or mitigate identified vulnerabilitiesReport to management on status, plan, schedule and future stateOther Cybersecurity Assessments/Certifications/Questionnaires
Assist in conducting other cybersecurity assessments as required.
Review and/or complete various cybersecurity questionnaires on Sundyne's behalf when requested by 3rd partiesDiscuss, plan, schedule, and implement changes in the Sundyne environment working with both internal staff and outsourced service providers to reduce or mitigate identified vulnerabilitiesReport to management on status, plan, schedule and future stateUse cybersecurity questionnaires as input into Sundyne cybersecurity program, to identify potential areas of improvementCreate Sundyne's Cybersecurity questionnaire for completion by 3rd parties which have access to Sundyne IT or provide IT service to SundyneAssist in the certification/re-certification of Cyber Essentials Plus certification (CE+)Develop and execute a plan towards gaining ISO27001 certification for all Sundyne sites globallyDevelop and execute a plan towards gaining ISO 9001:2015 certification for all Sundyne sites globallySecurity Projects/Initiatives
Research, plan, implement, project manage security projects or initiatives in the pursuit of increased SecurityLeverage all inputs to put together a holistic cybersecurity program for the organizatioReview and/or develop
Incident response plansTabletop exercisesBCP/DR PlansCustomer Notification PlansAssist other IT Security team members as neededPhishing SimulationsEmail & web filteringSpan and Phishing email investigationsIPS/IDS alert investigationsSIEM alert investigationsReview and oversee zero-day vulnerabilitiesReview or create policies, standards and procedures related to Cybersecurity topics.Skills & Abilities
Ability to maintain multiple projects and initiatives at the same timeExperience communicating and collaborating with multiple audiences at different levels - Individual Contributors to C-Level ExecutivesEffective written and oral communication skillsAbility to keep calm under pressureStrong planning, coordination, documentation and scheduling skillsCustomer Focused with a can-do attitudeExperience working with or overseeing international outsourced service providersSome knowledge/experience with Batch, PowerShell, or other scripting languages.Qualifications
Cybersecurity Certifications, one or more of the below required.CISSP - Certified Information Systems Security ProfessionalCISA - Certified Information Systems AuditorCompTIA Security+CASP - CompTIA Advanced Security PractitionerCEH - Certified Ethical HackerCISM - Certified Information Security ManagerSSCP - Systems Security Certified PractitionerGCIH - Global Information Assurance Certification Certified Incident HandlerGSEC - Global Information Assurance Certification Security Essentials CertificationOSCP - Offensive Security Certified Professional
Completed Bachelor Degree in Computer Science, IT Security, Cybersecurity or equivalent required10+ years' experience in IT with a focus on Identity Management and Security requiredSecurity Apps/Products, expert level in one or more of the below tools or products preferredActive Directory/Azure Active DirectoryQualysCrowdstrikeColortokensBluSapphireO365 Cloud App SecurityAzure SecurityCisco ASACisco ISEMerakiCisco UmbrellaCertificate based Authentication & Encryption
Ability to showcase experience in improving cybersecurity standards across the board using CIS/NIST Framework
If you like growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
If you like growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
Compensation DetailsAnnual Salary: $110,000.00 - $135,000.00
Additional CompensationSalary Range for this position: $110k-$135k (the salary offered will be determined based on the applicant's education, experience, skills, knowledge, abilities, and will be compared with internal equity along with market data for this position).
Application Deadline:2025-01-30
Headquartered in Arvada, Colorado with operations and presence in Europe, the Middle East, India, Asia, Japan, and China, Sundyne is a global manufacturer of precision-engineered, highly reliable, safe, and efficient centrifugal pumps and compressors for use in chemical, petrochemical, hydrocarbon, hydrogen, pharmaceutical, power generation, and industrial applications. Sundyne is a leader in delivering precision-engineered and highly reliable pumps & compressors to many of the world's most important markets, including energy, chemical, industrial, carbon capture, clean hydrogen, and renewable fuels. Sundyne pumps and compressors are available in API, ANSI/ASME, ISO, and other industry-compliant designs. To learn more about the Sundyne family of precision-engineered pumps and compressors, please visit www.sundyne.com.
***Note this is a full-time and on-site role at our Arvada, CO facility***
Position Description
Sundyne is seeking a
Cybersecurity Analyst
to be the primary driver and owner of Sundyne's entire Cybersecurity program. Responsibilities will be to assess Sundyne cybersecurity tools/controls, plan improvements, collaborate with internal and external staff on implementing improvements, and report status or progress to management.
Job Duties & Responsibilities
CIS/NIST Framework
Perform ad-hoc and on-going assessments of Sundyne controls and compare to CIS/NIST FrameworkIdentify gap areas or areas requiring additional improvementsDiscuss, plan, schedule, and implement changes in the Sundyne environment working with both internal staff and outsourced service providers to adhere to CIS/NIST frameworkReport to management on status, plan, schedule and future stateVulnerability Scanning / Penetration Testing
Work with outsourced service provider to schedule and conduct vulnerability scans and penetration tests using existing tool(s)Review and assess findings with respective stakeholdersDiscuss, plan, schedule, and implement changes in the Sundyne environment working with both internal staff and outsourced service providers to reduce or mitigate identified vulnerabilitiesReport to management on status, plan, schedule and future stateOther Cybersecurity Assessments/Certifications/Questionnaires
Assist in conducting other cybersecurity assessments as required.
Review and/or complete various cybersecurity questionnaires on Sundyne's behalf when requested by 3rd partiesDiscuss, plan, schedule, and implement changes in the Sundyne environment working with both internal staff and outsourced service providers to reduce or mitigate identified vulnerabilitiesReport to management on status, plan, schedule and future stateUse cybersecurity questionnaires as input into Sundyne cybersecurity program, to identify potential areas of improvementCreate Sundyne's Cybersecurity questionnaire for completion by 3rd parties which have access to Sundyne IT or provide IT service to SundyneAssist in the certification/re-certification of Cyber Essentials Plus certification (CE+)Develop and execute a plan towards gaining ISO27001 certification for all Sundyne sites globallyDevelop and execute a plan towards gaining ISO 9001:2015 certification for all Sundyne sites globallySecurity Projects/Initiatives
Research, plan, implement, project manage security projects or initiatives in the pursuit of increased SecurityLeverage all inputs to put together a holistic cybersecurity program for the organizatioReview and/or develop
Incident response plansTabletop exercisesBCP/DR PlansCustomer Notification PlansAssist other IT Security team members as neededPhishing SimulationsEmail & web filteringSpan and Phishing email investigationsIPS/IDS alert investigationsSIEM alert investigationsReview and oversee zero-day vulnerabilitiesReview or create policies, standards and procedures related to Cybersecurity topics.Skills & Abilities
Ability to maintain multiple projects and initiatives at the same timeExperience communicating and collaborating with multiple audiences at different levels - Individual Contributors to C-Level ExecutivesEffective written and oral communication skillsAbility to keep calm under pressureStrong planning, coordination, documentation and scheduling skillsCustomer Focused with a can-do attitudeExperience working with or overseeing international outsourced service providersSome knowledge/experience with Batch, PowerShell, or other scripting languages.Qualifications
Cybersecurity Certifications, one or more of the below required.CISSP - Certified Information Systems Security ProfessionalCISA - Certified Information Systems AuditorCompTIA Security+CASP - CompTIA Advanced Security PractitionerCEH - Certified Ethical HackerCISM - Certified Information Security ManagerSSCP - Systems Security Certified PractitionerGCIH - Global Information Assurance Certification Certified Incident HandlerGSEC - Global Information Assurance Certification Security Essentials CertificationOSCP - Offensive Security Certified Professional
Completed Bachelor Degree in Computer Science, IT Security, Cybersecurity or equivalent required10+ years' experience in IT with a focus on Identity Management and Security requiredSecurity Apps/Products, expert level in one or more of the below tools or products preferredActive Directory/Azure Active DirectoryQualysCrowdstrikeColortokensBluSapphireO365 Cloud App SecurityAzure SecurityCisco ASACisco ISEMerakiCisco UmbrellaCertificate based Authentication & Encryption
Ability to showcase experience in improving cybersecurity standards across the board using CIS/NIST Framework
If you like growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
If you like growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
Compensation DetailsAnnual Salary: $110,000.00 - $135,000.00
Additional CompensationSalary Range for this position: $110k-$135k (the salary offered will be determined based on the applicant's education, experience, skills, knowledge, abilities, and will be compared with internal equity along with market data for this position).
Application Deadline:2025-01-30