Senior Cyber Security Analyst

The role of the Senior Cyber Security Analyst responsibilities include administering, designing, implementing, and analyzing the company’s security environment. The Senior Cyber Security Analyst will help establish and manage security processes and projects to help proactively protect Century Aluminum’s network from external and internal security threats. The individual in this role works across all organizational and department lines to ensure compliance with cyber safety initiatives.

Responsibilities Design and implement security controls and systems aligned to NIST CSF and IEC 62443 to achieve the security program goals. Continually monitor company networks, systems, applications and cloud resources for vulnerabilities, threats, suspicious activity, or potential risks Lead the cybersecurity and incident response teams in the absence of the cybersecurity manager and oversee custody of evidence and other critical activities Collaborate with the cybersecurity manager and team to develop and continually improve standards, policies and procedures Implement security measures to protect both the Information Technology (IT) and Operating Technology/Process Control (OT) systems and applications Conducts threat modeling and security assessments, determines security requirements and specifications and develops security solutions to satisfy design requirements. Strengthen Century’s ability to defend and recover from Ransomware attacks Maintain a cyber security incident response plan and execute periodic simulated incident response exercises.

Implement and manage a vulnerability and incident reporting process with metrics and summary dashboards Produces internal documentation, requirements, design specifications, system and network diagrams, runbooks and etc. Safeguards system and network security and improves overall efficiency by training users and promoting security awareness Perform network penetration testing, attack simulations, and regular threat and vulnerability assessments Oversee employee cybersecurity education and training to reduce susceptibility to social engineering and phishing campaigns or inadvertently installing ransomware and malware Implement measures to protect data and ensure compliance with various governmental data protection regulations and reporting Identify, define, and document system security requirements and recommend solutions to management Act as a common escalation point for junior staff and mentor the team to develop security operations skillsets Lead the cybersecurity and incident response teams in the absence of the cybersecurity manager Coordination with and manage external vendors and suppliers Configure, troubleshoot, and maintain security infrastructure software and hardware Stay abreast of the security industry, events and technologies and ensure security systems stay current and responsive to emerging threats and trends. Requirements Background: Technical Experience: Minimum 7+ years - Preferred 12+ years Management: none Manufacturing: 3+ years (preferred) Training Certifications: Security+, CISSP, CEH, CYSA+ (preferred) Other Preferred Expert knowledge in selected domains of cybersecurity such as network security and segmentation, firewalls, DMZ’s, network access control, endpoint security, SIEM and threat detection and response systems.

Certifications such as CISSP, CISM, SANS/GIAC, CCIP and GICSP Understand risk and vulnerability management Proficiency in communicating technical concepts both verbally and written. Experience with penetration testing and techniques Strong understanding of networking, network security and network security technologies Other Important Items Scope of Role The descriptions contained herein are intended to describe the general nature and level of work being performed by people assigned to this role. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required of personnel in this classification.

Other duties or responsibilities may be added at management’s sole discretion. Moreover, this description excludes the marginal functions of the position that are incidental to the performance of the fundamental job duties. Employees are expected to follow any job‑related instructions and to perform any other job‑related duties requested by the supervisor.

Physical Requirements The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. In accordance with the Company's ADA Policy, reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This job operates at times in a manufacturing plant environment.

This role routinely will be required to walk up and down stairs, observe through vision and hearing, and may be exposed to heat, cold, and loud noises intermittently. This job also operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

The noise level in the work environment is usually moderate. While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or finger, handle, or feel objects, tools or controls.

The employee is frequently required to stand; walk; sit; reach with hands and arms; climb or balance; and stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, color vision, peripheral vision, and the ability to adjust focus.

At Will Status This document does not create an employment contract, implied or otherwise. Employees in this position are employed “at will.” EEO/ Affimative Action The Company is committed to providing equal employment opportunity for all applicants and employees. The Company will not discriminate against any employee or applicant on the basis of race; color; sex (including sexual orientation and/or gender identity); marital status; pregnancy, childbirth, or related medical conditions; creed; religion; national origin; citizenship status; ethnicity; age; disability; genetic information; HIV/AIDS status; veteran or service member status; or any other category protected by federal, state or local law.

It is the Company’s policy not to request any employees genetic information or to make any employment decision based on genetic information. The Company is committed to advancing the principles of equal employment opportunity through its affirmative action plan which it maintains in accordance with all legal requirements in order to provide equal employment and advancement opportunities to all employees and applicants for employment with the Company regardless of their race, color, gender, disability, and veteran status. #J-18808-Ljbffr