Senior Cybersecurity Analyst

Overview:

With over 2,000 team members nationwide, Nextech sets itself apart from other companies by being America’s largest HVAC/R service provider.

Nextech boasts outstanding review ratings on Indeed and Glassdoor, making it the premier destination for HVAC professionals. Elevate your career by joining Nextech today!

Role:

The Senior Cybersecurity Analyst will participate strategically and tactically in the overall planning, organizing, and execution of all Information Technology Security functions for Nextech. This hands-on position requires a flexible, well-rounded individual, who is comfortable operating within an IT Cybersecurity team as they build and implement Nextech's Cybersecurity strategy.

Nextech is seeking a strong technical Analyst with the ability to execute as well as grow and advance our Cybersecurity program. This is a unique opportunity to continue to build on a solid foundation, shape your future, and help build a high performing Security Program with the opportunity to grow your career.

Benefits:

• Paid Training & Ongoing Development – Invest in your career with fully paid initial and continuous training.
• Top-Tier Health Insurance – Choose from excellent options, including a FREE employee-only plan.
• Dental & Vision Coverage – Prioritize your overall health with added benefits.
• Supplemental Insurance Options – Access Accident, Critical Illness, Disability, and Supplemental Life coverage.
• FREE Life Insurance – Coverage equal to your annualized pay at no cost to you.
• 401(k) Retirement Plan – Secure your future with a 50% match on the first 6% of your contributions.
• Generous Time Off – Recharge with 7 paid holidays, and Paid Time Off (PTO).

Min Compensation: USD $82,000.00/Yr.

Max Compensation: USD $112,000.00/Yr.

Responsibilities:

• Participates in the continued development of Nextech’s security program, strategies, roadmaps and standardization following industry best practices
• Provides system security subject matter expertise input and recommendations to IT & Development teams
• Security compliance & vulnerability scanning/remediation across multiple platforms and networks
• Manages security efforts, including but not limited to access control, monitoring configuration, security patch testing, configuration management and incident response
• Translates cyber-threat intelligence into actionable mitigation plans
• Partners with IT support groups & DevOps Teams to remediate security vulnerabilities, establish best practices, and build sustainable Cybersecurity programs
• Conducts research and makes recommendations on products, services, and standards in support of all global infrastructure security efforts
• Develops and maintains appropriate response playbooks, facilitates routine exercises, and ensures a sound communication process for all cyber events
• Works directly with Managed Detect and Response (MDR) vendor to ensure timely alerting, remediation/incident response, and Root Cause | Corrective Actions
• Completes assigned tasks in a safe, accurate, thorough, and alert manner
• Upholds Company policies and procedures
• Works in a professional manner with managers, supervisors, coworkers, customers, and the public
• Other related job duties as assigned

Qualifications:

• Participates in the continued development of Nextech’s security program, strategies, roadmaps and standardization following industry best practices
• Provides system security subject matter expertise input and recommendations to IT & Development teams
• Security compliance & vulnerability scanning/remediation across multiple platforms and networks
• Manages security efforts, including but not limited to access control, monitoring configuration, security patch testing, configuration management and incident response
• Translates cyber-threat intelligence into actionable mitigation plans
• Partners with IT support groups & DevOps Teams to remediate security vulnerabilities, establish best practices, and build sustainable Cybersecurity programs
• Conducts research and makes recommendations on products, services, and standards in support of all global infrastructure security efforts
• Develops and maintains appropriate response playbooks, facilitates routine exercises, and ensures a sound communication process for all cyber events
• Works directly with Managed Detect and Response (MDR) vendor to ensure timely alerting, remediation/incident response, and Root Cause | Corrective Actions
• Completes assigned tasks in a safe, accurate, thorough, and alert manner
• Upholds Company policies and procedures
• Works in a professional manner with managers, supervisors, coworkers, customers, and the public
• Other related job duties as assigned

Required Knowledge, Skills, and Abilities:

• Advanced knowledge of internetworking and Windows client/server security concepts, best practices, and procedures
• Broad understanding of all aspects of IT and enterprise systems interoperability
• Ability to communicate technical topics (verbal and written) to multiple organizational levels
• Ability to perform Pre-Audit cybersecurity tasks
• Demonstrated personnel/project management skills
• Able to conduct research into issues and products as required
• Ability to prioritize and execute tasks in a fast-paced environment and make sound decisions in emergency situations
• Highly self-motivated and directed
• Proven analytical and problem-solving abilities
• Strong customer service orientation
• Ability to work globally in a team-oriented environment
• Excellent interpersonal written and oral communication skills
• Proficient in Microsoft Office including advanced skills in Excel (Pivot tables, Vlookup, Macros, If Statements, Formulas)
• Ability to coordinate, contribute to and work within a cross-functional team
• Ability to thrive in a dynamic and fast-paced environment
• Able to prioritize duties and manage multiple projects from start to finish with minimal supervision
• Must possess the ability to take initiative to complete assignments and job responsibilities with minimal supervision
• Exceptional attention to detail and excellent organizational skills

Education and Experience:

• BS/BA degree from a four-year accredited university or college in Information Security, IT Engineering, or Computer Science and/or Eight (8) years relevant work experience
• CISSP, SANS, GIAC, CISM, CISA are preferred
• Experience with IPS/IDS, IaaS/SaaS environments
• 5+ cumulative years' experience in the following:
• Security Risk Analysis / Threat and Risk Analysis
• Security Information Event Management Systems
• Security Incident Response
• Project Management
• Vulnerability Management
• Systems/Requirements Engineering
• Security Concepts
• Previous experience in HVAC Industry or other service business preferred
• Solid “hands on” technical experience is essential

Physical requirements:

• Continuously able to work in office environment
• Continuously able to operate a computer and other office productivity machinery, such as a copy machine, telephone, and computer printer
• Continuously able to sit at a computer for up to 8 hours
• Able to alternate between sitting and standing, as needed throughout the day
• Occasionally able to lift up to 15
• Continuously requires vision, hearing, twisting, and talking
• Occasionally requires walking, lifting, carrying, reaching, kneeling, pushing/pulling, bending, and crouching
• Rarely requires climbing

Other requirements:

• May be required to use personal smartphone with a camera capable of reading a QR code for 2 factor authentication