Responsible for the operation of the information security scheme related to network security, which includes the design, implementation and administration of technical cybersecurity defenses for firewalling, segmentation, network intrusion detection and prevention, network access monitoring and control, network vulnerability scanning, penetration testing, etc. The analyst is also an important part of reviewing and executing the incident response process and of performing digital forensics investigations. Participates in team planning activities and occasionally assumes responsibility for planning security assessments, evaluations, and projects. The analyst needs to possess knowledge and experience in the area of responsibility, must be capable of solving a range of security-related problems with minimal assistance, and occasionally engages contract vendors. The job requires carrying a pager and/or cell phone and taking part in an on-call schedule.
Bachelor's Degree in a related field plus 5 years of related experience, OR Master's Degree in Computer Science, Telecommunications, Management, Networking or a related field plus 3 years of experience, required.
Experience in network security (network firewall, VPN, SIEM, URL filtering and web content filtering) required.
1. Design, implement and maintain network technology services to ensure the confidentiality, integrity and availability of CITGO information assets at Houston and remote sites, including process control networks and hosts of CITGO information in the cloud, by enforcing zoning and firewalling among areas of the network with different security requirements. Deploy and administer network access control lists, firewall rulesets, Virtual Private Networks (VPN), Network Access Control (NAC), etc.
2. Provide day-to-day administration and maintenance of intrusion detection and prevention systems dedicated to detecting known forms of attack and policy violations, as well as anomalies. These systems include network intrusion detection and prevention (IDS and IPS), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), antivirus and Advanced Malware Protection (AMP) systems.
3. Administer and maintain the department's capability for real-time alerting and digital forensics. Enable sources of security events to produce and forward logs to the Security Information and Event Management (SIEM) tool; ensure the SIEM tool gathers and correlates events to provide the real-time alerting needed by the CITGO Incident Response (IR) capability. Prioritize alerts based on severity and the target's criticality, identify and tune out false positives, and add detections to minimize false negatives.
4. Review, test and take part in the Incident Response (IR) process, including periodic review and testing of the procedure. Also participate in investigating alerts, help confirm incidents, and serve on the response team. Contribute to the lessons-learned phase of the incident response process by helping fine-tune the detection capability.
5. Conduct security assessments to determine areas of vulnerability in CITGO information assets; this process includes determining the information asset owner's acceptable level of risk and recommending controls such as policies, procedures, and technology to mitigate vulnerabilities and reduce risk to acceptable levels. Implement the department's vulnerability scanning program and work with the IT department to ensure that controls, including patching, are implemented in a timely manner and with minimal impact on business operations.
6. Analyze technological advances in existing product lines and emerging technologies against the requirements of the company and the information asset owner, to ensure that the appropriate policies, procedures, hardware and software controls are selected to provide effective protection over an extended period of time. Ensure compatibility within the entire CITGO security scheme and integrate new controls with minimal impact on end users of information asset systems.