Description
Position at The Pasha Group
Information for California residents about our collection and use of job applicant personal information can be found here: Privacy Practices
Job Summary
The Cybersecurity Engineer implements, manages, and improves secure solutions to safeguard the organization's information systems at our offices, data centers, vessels, and port facilities. The role develops and implements advanced threat detection capabilities, is on the forefront of incident response, and continuously evolves cybersecurity tools to mitigate, prevent, and detect new attacks.
Primary Objectives
- Coordinate and conduct security assessments, threat analysis, and compliance activities for enterprise, vessels, and port security, while staying updated on cybersecurity trends, collaborating with IT and other departments, and educating employees on best practices.
- Facilitate the incident response process in detecting anomalies, managing threats from detection to recovery, improving processes, investigating incidents, conducting exercises, and updating response plans and procedures across all business units.
- Optimize and operate cybersecurity tools and processes to enhance threat detection and response capabilities, ensure system integrity, and continuously improve security measures across various log sources and endpoints.
- Advance and sustain comprehensive security across Windows, Azure, and Microsoft 365 by protecting operating systems, managing patches, mitigating vulnerabilities, hardening images, enforcing policies, safeguarding sensitive information, auditing Azure Conditional Access rules, and improving the Microsoft Defender portal security score.
Duties and Responsibilities
- Coordinate and conduct Third Party Pen Tests of various systems, applications, sites, and vessels in accordance with regulatory and contractual requirements.
- Conduct thorough threat analysis and assessments to identify potential security risks.
- Work with Third Party Assessment Organizations (3PAOs) on compliance packages for ISO, NIST, CMMC, and other frameworks as required.
- Maintain and apply current knowledge of emerging threats, attack vectors, and cybersecurity trends to proactively protect the organization.
- Conduct regular assessments, drills, and exercises with our vessels and Maritime Transportation Security Act (MTSA) regulated facilities to identify gaps and areas for improvement.
- Work closely with IT and other departments in collaborative initiatives to improve security.
- Document, record, and report on cyber threat intelligence from law enforcement, the US government, and commercial sources.
- Influence and mentor technical teams, encouraging a security-first culture across the organization.
- Provide, implement, and update training and awareness programs to educate employees on cybersecurity best practices across the enterprise and the fleet.
- Facilitate incident response processes in detecting anomalies and processing alerts through the pipeline to resolution.
- Continuously improve incident response processes throughout the organization.
- Thoroughly investigate and document incidents incorporating lessons learned.
- Conduct Incident Response Tabletop Exercises in accordance with the Enterprise Incident Response Plan.
- Work cross-functionally to maintain and update Incident Response Plans, Policies, and Procedures.
- Fine-tune cybersecurity tools (SIEM, EDR, IDS/IPS) to maximize threat visibility and detection capabilities.
- Participate in end-to-end threat management processes, from initial detection and analysis to containment, eradication, and recovery.
- Regularly assess the effectiveness of detection mechanisms and make necessary adjustments to improve accuracy and coverage.
- Regularly review and fine-tune the configurations of current cybersecurity tools such as SIEM, EDR, and IDS/IPS to ensure they are effectively detecting and alerting on potential threats.
- Work with various log sources and data feeds to enhance the visibility and detection capabilities of the team. This includes integrating logs from network devices, servers, applications, and cloud environments.
- Perform daily security monitoring to ensure the integrity and availability of hardware, server resources, systems, and key processes, including real-time analysis of logs, and proactive identification of potential threats.
- Administer the security of endpoints by leveraging and improving EDR solutions like Microsoft Defender for Endpoint (MDE).
- Improve the protection of Windows operating systems, both servers and workstations across the organization, including onboard the vessels.
- Apply patch management processes that include installing, testing, and monitoring patches on servers, workstations, and laptops, while continuously assessing and improving the process to ensure long-term security and compliance.
- Advance a comprehensive enterprise vulnerability management program, ensuring continuous improvement, proactive identification, and mitigation of vulnerabilities.
- Work cross-functionally to create and harden images for enterprise and vessel-based physical and virtual workstation and server operating systems.
- Effectively enforce security policies across the enterprise by leveraging tools such as Group Policy Objects (GPO) and Microsoft Intune, ensuring consistent application of security settings, compliance with regulatory standards, and protection of all devices and systems.
- Administer Privileged Access Management (PAM) tools to safeguard sensitive information and secrets, ensuring secure access controls and monitoring privileged accounts.
- Regularly audit, monitor, and update Azure Conditional Access rules to protect sign-ins and enforce multi-factor authentication (MFA).
- Improve the security score in the Microsoft Defender portal by regularly assessing and addressing vulnerabilities, implementing recommended security measures, and continuously monitoring for threats.
- Other duties as assigned.
QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education
- Bachelor's or Master's degree in Information Sciences, Information Systems, Cybersecurity, Network Engineering, IT Infrastructure, or a related field, or an equivalent combination of coursework and experience in a directly related field, required
Licenses and Certifications
- Transportation Worker Identification Credential (TWIC) required
- (ISC)2, GIAC, ISACA, CompTIA, or similar certifications preferred
Work Experience
- 5+ years of experience in cybersecurity or related role with strong knowledge of advanced cybersecurity principles and best practices required
- 10+ years of experience in one or more of the following areas: cloud management, system deployments, networking, or a similar role, with a proven track record of independent problem solving in high-stakes environments required
Required Knowledge, Skills and Abilities
- Demonstrated knowledge of firewalls, log analysis, SIEM systems, and network traffic analysis.
- Applied ability to perform incident response, including investigation, forensic analysis, incident timeline reconstruction, and resolution of security incidents.
- Demonstrated understanding of concepts, best practice, and standards of network security, incident response, intrusion detection, forensics, vulnerability assessments, threat hunting, penetration testing, cyber threat intelligence, or similar cyber security role.
- Ability to collect, parse, and analyze log data from a variety of systems (e.g., servers, network devices, user sessions) to detect potential security incidents.
- Ability to lead projects and teams including leading the implementation or administration of systems.
- Knowledge of common security vulnerabilities and mitigations, attacker TTPs (tactics, techniques, and procedures) and associated detection methods, familiarity with one or more cybersecurity frameworks, and a solid understanding of core cybersecurity principles.
- Knowledge of network security and upper layer protocols.
- Demonstrated ability to work well independently as well as collaboratively in an interdisciplinary team.
- Ability to work on multiple tasks and respond to rapidly changing priorities.
- Excellent verbal and written communication skills.
Competencies
- Delivers Results: Rigorously drives self and others to achieve high levels of individual and organization performance.
- Engages & Inspires Others: Leads with energy, self-confidence and understanding in ways that motivate colleagues to achieve more than they thought possible.
- Focuses on the Customer & Market: Continuously evaluates what is important to the customer/client and develops products or solutions that exceed expectations.
- Makes Sound Business Decisions: Makes timely and well-informed decisions that advance critical priorities, capitalize on new opportunities, and resolve problems.
- Practices our Values: Supports and models The Pasha Way; conduct reflects Excellence, Honesty, Integrity, Innovation and Teamwork.
PHYSICAL DEMANDS, WORK ENVIRONMENT, AND TRAVEL
Physical Demands
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Hear and speak with sufficient clarity to understand and engage in telephonic information exchange; hear and understand verbal instructions; give and receive information verbally in person or via communication device - Often
- Walk/travel within office environment, crouch/bend to access floor-level storage - Often
- Use hands/fingers to operate office equipment, type/complete data input, write - Often
- Reach with hands, arms; lift, move and manipulate objects weighing up to 20 pounds - Regularly
- Sight sufficient to read instructions, documents, and screen-based information - Often
- Use hands/fingers to manipulate and file documents, folders, small objects - Regularly
Working Environment
This role requires work that may involve the following environmental conditions:
- Corporate office environment
- Vessel and terminal environment - includes moving, shifting surfaces, and active production areas including moving vehicles, equipment, and machinery.
- Outdoor/open environments which may involve high/low temperatures, humidity and inclement weather conditions.
- Work days and hours may vary to accommodate operations.
- Work schedule may include days, nights, weekends, and holidays.
- Moderate to high levels of noise.
Travel
Occasional. Must be able to travel independently to U.S. locations including Hawaii.
Screening Requirements
Background Checks
Must be fully vaccinated against COVID-19, except as prohibited by law.
The information included in this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive or exhaustive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
The salary range listed is based on the geographic zone associated with this role: San Rafael, CA. If you are applying to work from a different location, the salary range may vary to align with the cost of labor and market conditions in that area. For applicants from other zones, we encourage you to reach out to us to confirm the relevant salary range for your specific location. Starting pay will be determined by job-related factors including experience, education, and business needs and may be modified at any time.
Zone 1: $130,000 - $160,000
The Pasha Group family of companies are EOE/AA Employers - Minority/Female/Veteran/Disabled/and other Protected Categories