Information Security Specialist
WHO WE ARE
Overhaul is a supply chain integrity solutions company that allows shippers to connect disparate sources of data into the first fully transparent situational analysis engine designed for the logistics industry. Data that is transformed into critical insights can instantly trigger corrective actions, impacting everything from temperature control to handling requirements or package-level tracking, ensuring cargo arrives at its destination safely, undamaged, and on time. We are a dynamic, innovative, and fun team who is highly committed to our customers’ experiences and our Mission and Vision.
THE ROLE
Assesses information risk and facilitates remediation of identified vulnerabilities in the network, systems, and applications. Performs vulnerability assessments as assigned utilizing security tools and methodologies. Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios. Reports on findings and recommendations for corrective action.
Information Security Specialists will be required to work irregular schedules to fulfill requirements.
PRINCIPAL DUTIES:
- Analyze security breaches to determine their root cause.
- Assist in the development of security standards, procedures, and controls.
- Be available for after-hours work: troubleshooting, responding to alerts, and maintenance windows.
- Be available to work off-hours and on weekends to implement changes and support domestic and international businesses.
- Capture and securely store desktop and laptop, e-mail, web filtering, and network security device logs.
- Collect internal and external data sources into security monitoring and analytics platforms.
- Conduct onsite inspections and audits to ensure they are following Overhaul policies and standards.
- Conduct penetration testing to identify security vulnerabilities (e.g. staff, systems, and facilities).
- Demonstrate proficiency in planning and scoping pen testing, attacks and exploits, information gathering and vulnerability identification, and reporting and communication.
- Detect and alert on unauthorized access to or malicious activity involving the physical property.
- Effectively communicate technical issues to diverse audiences.
- Enable secure browsing controls and capabilities on desktop and laptop web browsers.
- Ensure asset vulnerabilities are identified and documented.
- Ensure compliance with enterprise policy, standards, and regulatory requirements by establishing compliance management and investigative capabilities.
- Ensure data at rest and in transit is protected.
- Ensure patches are installed to reduce the risk of vulnerability exploitation.
- Ensure physical devices and systems within the organization are inventoried.
- Ensure software platforms and applications within the organization are inventoried.
- Ensure the protection of digital files and information systems against unauthorized access, modification, and/or destruction.
- Ensure the protection of user, device, and system identities and credentials from compromise through established identity authorization, authentication, access management, directory services, and certificate management capabilities.
- Investigate and respond to potentially malicious end-user activity.
- Leverage data from security monitoring and analytics platforms to alert on known signatures, unknown attacks, and abnormal behavior.
- Establish and manage a baseline of network operations and expected data flows for users and systems, and monitor against it.
- Monitor for suspicious mail and deliveries to prevent disruption or data compromise.
- Monitor network behavior and analyze detected events to understand attack targets and methods.
- Perform routine threat assessments to proactively identify security and privacy control gaps.
- Perform vulnerability scans to identify vulnerabilities in the environment.
- Protect desktops and laptops, servers, virtualized endpoints, and mobile devices from compromise through secure hardening, malware protection, endpoint application control, intrusion detection and prevention, host-based firewalls, and continuous monitoring.
- Protect the network through the use of network device hardening, firewall capabilities, intrusion detection and prevention systems (IDPS), denial of service protection, segmentation, rogue device detection, e-mail filtering, and web filtering.
- Regularly review system access rights and verify the need for continued access.
- Remediate identified vulnerabilities in the environment.
- Review policies and standards to identify if updates are needed.
EXPERIENCE:
- Intrusion Detection and Prevention Systems (IDS/IPS)
- Data Loss Prevention solutions
- Antivirus/Malware solutions
- Identity and Access Management Technologies (IAM)
- Security Information and Event Management (SIEM)
- Windows, macOS, UNIX, and Linux operating systems
- Network protocols and packet analysis tools
- Cloud computing
- Knowledge of and some experience with IT controls, IT auditing, security, compliance, and control frameworks and regulations (e.g., AICPA, NIST)
LICENSES OR CERTIFICATES (NOT MANDATORY)
CompTIA Security+
CompTIA PenTest+
CompTIA Cybersecurity Analyst (CySA+)
SANS GIAC Security Essentials (GSEC)
Certified Ethical Hacker (CEH)
Offensive Security Certified Professional (OSCP)
Certified Cloud Security Professional (CCSP)
Our Core Values and how they benefit you as an “Overhauler”
Authenticity, Receptivity and Trust
· Extremely competitive base salary package
· 401(k) with Overhaul match
· Flexible working schedules
· Remote, hybrid, and/or In-office*
Encouragement and Learning
· Progressive advancement opportunity & career mobility
· Paid development personal stipend
· Monthly lunch and learns
· 2 unique learning systems with instructor-led content
Wellness and Integrity
· Rotating Overhaul “Perks @ work” (Discounts and Freebies)
· Overhaul fully provided healthcare plan
· Employee assistance & wellbeing programs
· New Parent/Family/Caregiver leave(s)
· Daily BAMM time (body and mind movement)
· Life by design vacation policy
Diversity and Inclusivity Statement:
Overhaul has always been, and always will be, committed to diversity and inclusion. Our Overhaul Culture Code’s top listed commitment is to “Diversity and Synergy.” All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law. We strongly encourage people from underrepresented groups to apply!