Cyber Security Analyst

American Rheinmetall provides full services for complex mechanical products fabricated structures and systems that range from complete design services to prototype manufacturing testing production launch full rate production and product service and sustainment. American Rheinmetall provides quality products and services at affordable prices through a lean organizational structure and four facilities three in Michigan that span 910000 square feet and one in Ohio that span 800000 square feet. The Plymouth MI facility serves as corporate headquarters and specializes in suspension driveline and track systems. The Lansing and Lapeer Michigan based facilities specialize in fabrications and armor product solutions. American Rheinmetalls St. Marys Ohio facility manufactures rubber track products for agricultural construction and defense industries. Visit our website at

Title: Cybersecurity Analyst Reports To: Cybersecurity Manager

Department: Information Technology FLSA Status: Exempt

Pay Band/Salary: 3

Job Summary:

The Cybersecurity Analyst role will focus on threat intelligence and will be expected to manage various technologies at an advanced or expert level. The analyst is responsible for information security policy development and maintenance; coordinates the investigation and reporting of security incidents; works with auditors and examiners to ensure the network and systems are secure and meet regulatory guidelines; monitors and assesses the organizations information security and makes recommendations for improvement; and schedules/performs periodic penetration tests vulnerability assessments and risk assessments. There will be expectations to work non-traditional hours to support such duties.

Estimated Salary Range: $740000-$84000

Essential Functions:

• Participate in the creation of enterprise security documents (policies standards baselines guidelines and procedures)
• Review logs and reports of all in-place devices and interpret the implications of that activity and devise plans for an appropriate resolution.
• Participate in investigations into problematic activity.
• Participate in the design and execution of vulnerability assessments penetration tests and security audits.
• Assist in ensuring that the Company is up to date with the latest security standards patches network protocols and products.
• Recommend improvements to the current security posture.
• Identify areas where controls are lacking or inadequate.
• Assist in preparing the organization to respond to possible security incidents and breach.
• Research security architecture security technologies and security solutions.
• Understand current infrastructure and network architecture.
• Assess current security controls.
• Identify operational configurations of workstations as per the established baselines and take actions to remedy misconfigurations.
• Investigate potentially harmful emails and take actions to ensure that the threat is neutralized.
• Identify sensitive data locations and make suggestions for safeguarding said data.
• Be familiar with NIST 800-171 and the CMMC and apply standards.
• Identify areas in which the company must follow NIST 800-171.
• Assist in implementing or upgrading solutions pertaining to NIST compliance.
• Identify areas that the company needs to improve on for the CMMC.
• Assist in scheduling and leading Vulnerability Assessment meetings Risk Assessment meetings NIST compliance meetings CMMC task meetings or any other security related meetings.

Supervisory Responsibilities:

• No Supervisory responsibilities but will train/mentor quality techs

Minimum Qualifications:

To perform the job successfully an individual will need to perform the following competencies.

• Quantity of Work - The quantity of work produced and the promptness with which it is completed.
• Quality of Work - The ability displayed and accuracy of work produced meeting company standards and requiring little to no rework.
• Judgement/Knowledge of Job - Knowledge of job techniques skills equipment procedures materials etc. Be extremely familiar with NIST 800-171
• Attendance/Dependability - Punctuality and attendance.
• Teamwork/ Attitude - Willingness and cooperativeness with co-workers and supervisors; ability to accept constructive criticism.
• Initiative/Independence - The degree to which an employee searches out new tasks and expands their ability to perform assigned tasks without direct supervision.

Preferred Qualifications:

• Basic knowledge of security risks & strategies SIEM antivirus proxies firewalls and intrusion detection concepts tools and processes.
• Knowledge of CMMC preferred
• Experience working with Linux Systems and cybersecurity best practices.
• Experience with Fortinet equipment and security certifications such as Security CISSP CEH OSCP etc. is desired but not required.

Education:

• Bachelors degree in cybersecurity or related STEM field with 1-2 years related experience and/or training.

Background Prerequisites:

• Must undergo and meet company standards for background check employment verification reference checks and controlled substance testing.

Working Conditions and Physical Demands:

With or without reasonable accommodations requires the physical and mental capacity to perform effectively all essential addition to other demands the demands of the job include:

• While performing the duties of this job the employee is occasionally required to stand; walk; sit; use hands to finger handle or feel and reach with hands and arms. The employee may occasionally lift to 25 pounds. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

Equal Employment Opportunity Statement:

American Rheinmetall provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race color religion gender sex (including pregnancy) gender identity national origin age disability or marital status in accordance with applicable federal state and local laws. This policy applies to all terms and conditions of employment including but not limited to hiring placement promotion termination layoff recall transfer leaves of absence compensation and training.