Senior Cyber Risk Analyst
South Carolina Ports AuthorityCompany Description
The South Carolina Ports Authority (SCPA) owns and operates public seaport and intermodal facilities in Charleston, Dillon, and Greer. Our 750+ employees handle cargo, operate and maintain cargo handling equipment, manage port facilities and operations, and support the port system in a fast-paced 24/7 environment.
Job Description
*Please note that this position is 100% onsite. Please do not apply if you are seeking a remote or hybrid role.*
Job Summary
The Senior Cyber Risk Analyst works closely with the General Manager of Information Security to identify, prevent, detect, and respond to cyber-attacks, ensuring the security and continuity of information systems against threats such as service interruptions, intellectual property theft, network viruses, and data breaches. This role involves installing, configuring, and managing security mechanisms, implementing policies for antivirus software, firewalls, and other protective systems, and responding to security incidents with thorough investigations and actionable recommendations to close potential gaps.
The analyst conducts risk assessments of applications, infrastructure, and vendors against a defined framework, addressing identified risks through tailored solutions and hands-on resolution when feasible. Additionally, the analyst triages security alerts, gathers data from network analysis tools, reviews threat intelligence, and diagnoses potential compromises or high-risk exposures. They also participate in vulnerability assessments and use emergency response procedures to safeguard the organization’s digital assets.
Essential Job Responsibilities
• Serve as a subject matter expert for threat and vulnerability management, contributing to service roadmaps, critical vulnerability identification, and response exercises.
• Act as an early informer of critical vulnerabilities and exposures to safeguard the company's information, while maintaining advanced knowledge of industry trends, security issues, and technologies, providing regular updates to management.
• Perform security, risk, and vulnerability assessments of networks, systems, and applications, collaborating with business and application owners throughout the system design lifecycle.
• Support IT operations by contributing to Backup Plans, Disaster Recovery Plans, Incident Management Plans, and day-to-day security monitoring, incident escalation, and compliance with enterprise policies.
• Analyze and evaluate security operations to identify risks, ensure compliance, and recommend improvements.
Additional Job Responsibilities
• Other duties as assigned- This job description in no way states or implies that these are the only duties to be performed by this employee. The employee will be required to follow any other instructions and to perform any other appropriate duties requested by their supervisor.
Qualifications
Minimum Qualifications
Education and Experience
• A Bachelor’s in Computer Science and a minimum of five (5) years of technical experience in one or more of the following areas: computer and network security, vulnerability testing, security monitoring, computer forensic analysis, or intrusion detection, prevention, correlation, and analysis; or an equivalent combination of technical experience and education.
• Technical knowledge in logical and physical security in application, operational, facility, network, and computer (server, workstation, mobile, etc.) security.
• Experience in securing operating systems and network infrastructure.
• Experience in securing fundamental networking protocols: DNS, HTTP, TCP, UDP, TLS, IPSEC, 802.1x, NFS.
• Exposure to and experience with systems administration and deployment knowledge for Linux, Windows, Tomcat, Apache, Oracle database, Cisco IOS devices, etc.
• Possess one or more of the following unexpired credentials or certifications as a member in good standing with the parent credentialing organization: Security+, CISSP, SANS, CEH, OSCP, GPEN, ISAM/ISRM, or other relevant industry security certification.
Skills and Abilities
• Understanding of cryptography and encryption fundamentals (symmetric/asymmetric, Public Key Infrastructure, Key Management, attacks on cryptography, etc.).
• Understanding of common cyber tactics, techniques, and procedures and the appropriate mitigations.
• Strong interpersonal and communication skills, including verbal, written, and documentation abilities.
• Must possess the ability to make accurate analytical decisions.
Preferred Qualifications
• Experience implementing, managing, and supporting a vulnerability management platform.
• Certified Ethical Hacking (CEH) and network penetration testing experience.
• Vulnerability assessment process and tools experience.
Physical Requirements and Working Conditions
• Able to report to physical work location 100% of the time.
• A valid state-issued driver’s license is required to operate a Ports Authority-owned motor vehicle.
• Vision is required to analyze and process various forms and documents utilized within the framework of performing assigned tasks.
• Hearing is required to adequately perform telecommunication functions.
• Ability to verbally communicate clearly with vendors, customers, co-workers, etc.
• Some irregular work hours may be necessary to perform regular assigned computer work.
• This role may require the signing of a Non-Disclosure Agreement (NDA) to protect confidential company information.
Additional Information
SC Ports Authority is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race; creed; color; religion; alienage or national origin; ancestry; citizenship status; age; disability or handicap; sex; pregnancy, childbirth or related medical condition; marital status; veteran status; sexual orientation; gender identity; genetic information; arrest record; or any other characteristic protected by applicable federal, state or local laws. Applicants have rights under Federal Employment Laws such as the Family and Medical Leave Act (FMLA) and the Employee Polygraph Protection Act (EPPA) and rights to equal employment opportunity. Our management team is dedicated to applicant and employee rights with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities and general treatment prior to and during employment.
All your information will be kept confidential according to EEO guidelines.