Cybersecurity Operations Engineer - Howmet Aerospace
Pittsburgh, PA 15260
About the Job
Howmet Aerospace Inc. (NYSE: HWM), headquartered in Pittsburgh, Pennsylvania, is a leading global provider of advanced engineered solutions for the aerospace and transportation industries. The Company's sales for 2022 approximated $5.7 billion. The Company's primary businesses focus on jet engine components, aerospace fastening systems, titanium structural parts and forged wheels. With nearly 1,150 granted and pending patents, the Company's differentiated technologies promote more fuel efficiency for aircraft and commercial transportation. For more information, visit www.howmet.com , including content shared during the Company's May 2022 Technology Day.
Follow: LinkedIn , Twitter , Instagram , Facebook , and YouTube .
Howmet is proud to be an Equal Employment Opportunity and Affirmative Action employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or other applicable legally protected characteristics.
If you need assistance to complete your application due to a disability, please email TalentAcquisitionCoE_Howmet@howmet.comBasic Qualifications:
- Bachelor's degree in information systems, information cybersecurity, or a related field
- 5 years of progressive experience in information security
- Strong knowledge of information security principles, technologies, and best practices, including risk management, vulnerability management, incident response, and security operations
- Experience implementing and maintaining security tools; EDR/XDR, SIEM, Vulnerability Management, Privileged Access Management, Privileged Remote Access
- Experience working a cybersecurity incident
- Experience developing, documenting, and implementing information security strategies, policies, and procedures in a complex organizational environment
- Experience with regulatory compliance frameworks (e.g., GDPR, HIPAA, SOX) and industry standards (e.g., NIST, CMMC, ISO 27001)
- Proven ability to lead and manage a diverse team of information security professionals, including remote teams and third-party vendors
- Employees must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.
Preferred Qualifications:
- Master's degree in cybersecurity, information systems or a related field
- Experience with operating systems and networking
- Cybersecurity certifications, such as CASP , GSE, CISSP
- Experience with Enterprise Identity & Access Management and comparable security products
- Experience with Manufacturing environments and Operational Technology (OT)
Salary Range: $120k - $140k/year approximation (Actual compensation is subject to variation due to factors such as education, experience, skillset, and/or location).Basic Qualifications:
- Bachelor's degree in information systems, information cybersecurity, or a related field
- 5+ years of progressive experience in information security
- Strong knowledge of information security principles, technologies, and best practices, including risk management, vulnerability management, incident response, and security operations
- Experience implementing and maintaining security tools; EDR/XDR, SIEM, Vulnerability Management, Privileged Access Management, Privileged Remote Access
- Experience working a cybersecurity incident
- Experience developing, documenting, and implementing information security strategies, policies, and procedures in a complex organizational environment
- Experience with regulatory compliance frameworks (e.g., GDPR, HIPAA, SOX) and industry standards (e.g., NIST, CMMC, ISO 27001)
- Proven ability to lead and manage a diverse team of information security professionals, including remote teams and third-party vendors
- Employees must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.
Preferred Qualifications:
- Master's degree in cybersecurity, information systems or a related field
- Experience with operating systems and networking
- Cybersecurity certifications, such as CASP+, GSE, CISSP
- Experience with Enterprise Identity & Access Management and comparable security products
- Experience with Manufacturing environments and Operational Technology (OT)
Salary Range: $120k - $140k/year approximation (Actual compensation is subject to variation due to factors such as education, experience, skillset, and/or location).Join Howmet Aerospace's Corporate Information Security team and help positively impact our business. The Cybersecurity Operations Engineer role is an exciting opportunity to help mature our security program through implementing leading technologies, challenging enterprise projects, and evaluating new platforms. We are advancing our solid set of security tools to enable our business units to function securely and efficiently aligning with security best practices under NIST Cybersecurity Framework (CSF) and program accreditations such as ISO 27001 and the DOD Cybersecurity Maturity Model Certification (CMMC). The Cybersecurity Operations Engineer will report to the Senior Manager, Cybersecurity Operations under the direction of the Chief Information Security Officer (CISO). This is role has responsibility for designing and implementing technology solutions that support our overall Cybersecurity program.
Major Activities and Key Challenges:
- Build, deliver, maintain, and update security technology, platform, and security system solutions in Howmet's Global Information Technology space that addresses business and technical requirements, leveraging standard principles and patterns. Security platforms, including but not limited to; Endpoint Detection & Response platform, Forensics tools, Privileged Access Management systems, Multifactor Token/Certificate management systems, Remote Access systems and Identity Security
- Provides subject matter expertise to Global Information Systems teams and the business, providing recommendations based on best practices and articulating operational or security risks appropriately
- Leads proactive efforts to ensure security systems and platforms are properly configured, tested, well documented and successfully implemented and maintained, in partnership with Cybersecurity Operations team
- Defines tuning and configuration parameters/settings for technologies, platforms and systems to meet security, business and operational requirements
- Leads lifecycle management activities for security technology, platform, systems and related documentation to ensure operational health and security
- Monitors technology, platform, and systems to ensure required performance, availability, and capacity. Identifies and eliminates gaps in monitoring and potential impact on service delivery
- Continuously seeks to more efficiently manage and utilize security technology, platform and systems
- Follows industry, organization, and NIST CSF standards and best practices to maximize quality and efficiency of our internal systems and tools Provide hands on assistance with security administration of the cybersecurity solutions as needed
- Provide off-hours on-call assistance as needed
Essential knowledge, skills, and abilities:
- Solid communication skills, capable of conveying technical information effectively across all levels of the organization; capable of expressing feedback and opinions in a constructive and productive manner
- Capacity to coordinate processes and effectively collaborative across departments
- Solid project management skills to effectively gather requirements, analyze complex situations and swiftly determine next course of action
- Aptitude to plan and prioritize own work to meet commitments aligned with organizational goals
Major Activities and Key Challenges:
- Build, deliver, maintain, and update security technology, platform, and security system solutions in Howmet's Global Information Technology space that addresses business and technical requirements, leveraging standard principles and patterns. Security platforms, including but not limited to; Endpoint Detection & Response platform, Forensics tools, Privileged Access Management systems, Multifactor Token/Certificate management systems, Remote Access systems and Identity Security
- Provides subject matter expertise to Global Information Systems teams and the business, providing recommendations based on best practices and articulating operational or security risks appropriately
- Leads proactive efforts to ensure security systems and platforms are properly configured, tested, well documented and successfully implemented and maintained, in partnership with Cybersecurity Operations team
- Defines tuning and configuration parameters/settings for technologies, platforms and systems to meet security, business and operational requirements
- Leads lifecycle management activities for security technology, platform, systems and related documentation to ensure operational health and security
- Monitors technology, platform, and systems to ensure required performance, availability, and capacity. Identifies and eliminates gaps in monitoring and potential impact on service delivery
- Continuously seeks to more efficiently manage and utilize security technology, platform and systems
- Follows industry, organization, and NIST CSF standards and best practices to maximize quality and efficiency of our internal systems and tools Provide hands on assistance with security administration of the cybersecurity solutions as needed
- Provide off-hours on-call assistance as needed
Essential knowledge, skills, and abilities:
- Solid communication skills, capable of conveying technical information effectively across all levels of the organization; capable of expressing feedback and opinions in a constructive and productive manner
- Capacity to coordinate processes and effectively collaborative across departments
- Solid project management skills to effectively gather requirements, analyze complex situations and swiftly determine next course of action
- Aptitude to plan and prioritize own work to meet commitments aligned with organizational goals