Powered by endlessly curious people with an unwavering mission focus, Ball Aerospace pioneers discoveries that enable our customers to perform beyond expectation and protect what matters most.
We create innovative space solutions, enable more accurate weather forecasts, drive insightful observations of our planet, deliver actionable data and intelligence, and ensure those who defend our freedom go forward bravely and return home safely. For more information, visit Ball Aerospace Career Site or connect with us on LinkedIn, Facebook, Twitter or Instagram.
The Security and Mission Assurance Strategic Support Unit provides discriminating support to the business to ensure success. We focus on threat identification, risk assessment, and mitigation while improving the efficiency of the business through effective governance and analysis of process, data and overall business knowledge.
Cyber Security Professional II - Operations (Tools) Specialist
What You’ll Do:
- Optimize and maintain the Security Information and Event Management (SIEM) tool for Ball Aerospace unclassified network.
- Perform security information and event correlation using a variety of tools and sources.
- Create SIEM knowledge objects (Log Collection, Dashboards, Saved Searches, Scheduled Searches, Alerts) to improve visibility and decrease incident detection and response times.
- Track threat actors in the environment, identifying their tactics, techniques, and procedures (TTPs) and develop indicators of compromise (IOCs) that will aid in incident response and investigation.
- Drive Security Orchestration, Automation and Response (SOAR) efforts. Participate in SOAR tool selection and eventually create workflows that integrate otherwise disparate security technologies.
- Provide technical support at each phase of the Incident Response lifecycle, collaborating with stakeholders (ITS, HR, Legal, PR, etc.) to successfully investigate, contain, eradicate, and recover from security incidents.
- Develop and maintain standard operating procedures (SOPs) and runbooks to improve work efficiency both individually and as a team.
- Manage cross-department collaboration and communication to ensure that all appropriate security processes and solutions are effectively applied, operating, and monitored.
- Serve as a Subject Matter Expert (SME), providing expertise in all aspects of Security Operations and tool management. Create strong relationships with senior leadership to help mold, shape, and improve the company’s overall security posture.
- Support vulnerability management activities by identifying false positives and/or confirming vulnerabilities detected by automated scanning.
- Understand contractual obligations and reporting requirements of various mission partners and government agencies. Information provided will correlate to the larger business strategy at Ball Aerospace and will maintain vital relationships.
- Maintain a regular and predictable work schedule.
- Establish and maintain effective working relationships within the department, the Strategic Business Units, Strategic Support Units and the Company. Interact appropriately with others in order to maintain a positive and productive work environment.
- Perform other duties as necessary.
What You’ll Need:
- BS/BA in a related field plus 5 or more years related experience.
- Each higher-level degree, i.e., Master’s Degree or Ph.D., may substitute for two years of experience. Related technical experience may be considered in lieu of education. Degree must be from a university, college, or school which is accredited by an agency recognized by the US Secretary of Education, US Department of Education.
- At least 5 years of hands-on, in-depth technical experience working cyber security or information technology in a professional setting preferred. Experience with secure System Administration and a demonstrated aptitude to learn new technologies may be substituted (in part) for this requirement.
- Strong understanding of common local and remote logging facilities (Windows Events, Syslog, etc.).
- Ability to perform risk assessments, threat analysis, and impact analysis.
- Ability to capture, read and interpret network traffic across all seven (7) layers of the OSI model.
- Strong understanding of endpoint security, to include traditional AV, local firewall configuration, and EDR/EPP solutions.
- Excellent communication skills, both written and oral.
- Preferred Security Certifications (but not required):
- GREM (highly preferred), OSCE, OSCP, GMON, GCED, GCIA, GCIH, GSEC, CISSP
- General understanding of industry standards, compliance, and legal guidelines:
- ISO 27001, NIST 800-53, SOC 2, SSAE 16, SOX, HIPAA, CIS Top 20 Critical Controls, etc.
- Ability to work well under minimal supervision and, at times, under pressure.
- Strong team-oriented and interpersonal skills; able to interface effectively with a broad range of people and roles at all levels, both within and outside of Ball Aerospace.
- Work is performed in an office environment, laboratory, cleanroom, or production floor.
- Travel and local commute between Ball campuses and other possible non-Ball locations may be required.
Relocation for this position is available.
Compensation & Benefits:
- HIRING SALARY RANGE: $95,000 - $129,000 (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.)
- This position includes a competitive benefits package. For details, copy and paste https://bit.ly/3pNSnxv into your browser or visit our careers site.
US CITIZENSHIP MAY BE REQUIRED
Ball Aerospace is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.