Senior Cybersecurity Engineer (SOC)
McDermott International, Ltd, Houston, TX, United States
Company Overview:
Our ingenuity fuels daily life. Together, we’ve forged some of the most trusted partnerships across the energy value chain to make what was once just an idea a reality: laying subsea infrastructure thousands of feet below sea level, installing platforms hundreds of miles from shore, using our expertise to design and build offshore wind infrastructure, and reshaping the onshore landscape to deliver the energy products the world needs safely and sustainably.
For more than 100 years, we've been making the impossible possible. Today, we're driving the energy transition with more than 30,000 of the brightest minds across 54 countries.
Job Overview:
- Manage and proactively assess cybersecurity issues and threats, run complex analyses of incidents, and use in-depth research to inform the company's resolution process.
- Lead and oversee the investigation of the most complex and critical cybersecurity incidents and guide the team through the resolution process when necessary.
- Recommend and coordinate the development, enhancement, organization, and maintenance of cybersecurity solutions, processes and policies, including research and triage analysis.
- Manage resources and projects within cyber operations.
- Collaborate with peers to align cybersecurity operations practices globally.
- Assist in the analysis, design and development of an Information Security roadmap aligned with McDermott’s business strategies.
- Assume ownership of identified systems, controls and processes to provide proper oversight, management, and maintenance of them, as well as enhance and augment them as needed.
- Maintain awareness of emerging threats and technology to ensure adequate controls are in place.
- Continuously improve the integration and effectiveness of implemented technologies.
- Maintain awareness of cybersecurity threats, events, tactics, techniques, and procedures (TTPs).
Key Tasks and Responsibilities:
- Maintain consistency and SLAs for cyber operations delivery.
- Provide guidance and mentorship to team members.
- Assist with security awareness planning and delivery.
- Work with IT risk assessment function to ensure the proper security configurations and controls are implemented for IT projects.
- Serve as an internal trusted advisor providing security services, advice on security, and assist with compensating control alternatives where security requirements cannot be met.
- Contribute to identification of strengths and weaknesses for security solutions impacting business strategies.
- Identify cybersecurity operations technology gaps, deficiencies, and recommend corrective actions.
- Create documentation of findings and recommendations (root cause and risk analysis) as needed.
- Assist with forensic investigations and cyber incident response team (CIRT) activities.
- Assign work to Cyber SOC for remediation.
- Respond to critical business-impacting events and coordinate the efforts required, including engaging the proper resources, to remediate the issue.
- Coordinate major cybersecurity incident situations and provide timely internal communications via email.
- Support Compliance managers in providing Cybersecurity artifacts.
- Ensure cybersecurity operations are aligned with NIST and ISO 27002 requirements.
Essential Qualifications and Education:
- Bachelor's degree in Information Technology plus 3 years of experience, or 7 years of direct security experience
- 7 or more years of experience working in Information Security
- Experience with cloud services and APIs
- Working knowledge of firewall, router, network switch, VOIP, and wireless architecture and operation
- Experience with forensic investigations
- Experience with security incident and investigation reports/briefings
- Experience with Active Directory
- Experience with Microsoft desktop and server operating systems
- Experience in a team-oriented, collaborative environment
- Strong analysis and problem-solving skills
- Strong oral and written communication skills
- Detail oriented in investigations and communications
- Able to handle confidential investigations with discretion
- Ability to multi-task and prioritize workload
- Familiarity with PowerShell, Python and/or SQL is a plus
- Familiarity with security orchestration, automation and response (SOAR) is a plus
- Required certification (1): Security+, CASP+, SSCP, CISSP or an equivalent accepted cybersecurity certification
- Working knowledge of at least 4 of the following Information Security domains (Security Operations is mandatory):
- Security Operations (Mandatory)
- Cloud Security
- Network Security
- Vulnerability and Threat Management
- Identity and Access Management (IAM)
- Database Security
- Application Security
- 5 or more years of experience in security operations
- 3 or more years of experience with security information and event management (SIEM) tools
- 3 or more years of experience with endpoint protection tools
- 3 or more years of experience working with threat intelligence feeds and IOCs
- 3 or more years of experience managing or delivering projects