IT Security Engineer


King Of Prussia, PA, US

Company:  AmeriGas Propane, Inc.
Remote Options: 

When you work for AmeriGas, you become a part of something BIG! Founded in 1959, AmeriGas is the nation’s premiere propane company, serving over 1.5 million residential, commercial, industrial and motor fuel propane customers. Together, over 6,500 dedicated professionals will deliver over 1 billion gallons of propane from 1,800+ distribution points across the United States.

Job Summary


The Global Cyber Security Engineer will support and administer cyber security initiatives for all software and hardware based systems. This individual will work under the direction of the Global Manager –Cyber Security Threat Intelligence & Protection to perform assessments, monitoring, threat analysis, security engineering and to contribute to the development of the overall cyber security program. In addition, the individual will assist in the ongoing risk assessment program, security governance and security awareness training activities.


Key Characteristics:


•    Strong understanding of security and infrastructure architectures and technologies.
•    Experience in developing, implementing, advancing, and supporting security tools and procedures.
•    Demonstrated ability to troubleshoot with limited information.

Duties and Responsibilities


•    Analyze results from scheduled vulnerability and penetration testing, follow up with IT staff on issues found and maintain issue tracking on all open security issues. 
•    Partner with system security architect and support security designs.
•    Configure and troubleshoot security infrastructure devices. 
•    Interprets various federal, state, and industry frameworks for security, including but not limited to PCI DSS, SOX, ISO/IEC 27001, OWASP Top Ten, CIS Critical Security Controls, NIST, and advises management of any changes. 
•    Develop technical solutions using security tools to help mitigate security vulnerabilities and automate repeatable tasks. 
•    Performs assessments of newly deployed technologies to ensure risks are mitigated. 
•    Performs PoC (Proof of Concept) assessment evaluations on new products. 
•    Responsible for creating and communicating virus and patch protection alerts, monitoring and auditing patching and anti-virus compliance for critical vulnerability and virus risks. 
•    Utilize experience, resources, and tools to safeguard information system assets by identifying and solving potential and actual security problems. 
•    Understand the architecture of all infrastructure security systems and deployments and work with management to address potential issues.
•    Maintain understanding of all computer operating system hardware, software, and communications platforms and protocols in use in the enterprise and develop standards for their secure deployment. 
•    Assist in maintaining and/or creating computer incident response documentation and methodology for responding to security events. 
•    Assist in creating and maintaining IT security policies and procedures. 
•    Research new InfoSec trends and analyze Threat Intelligence reports.
•    Assist with the annual compliance efforts and collect all relevant data for the examination under the direction of management. 
•    Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risk and assessing residual risk. 

Knowledge, Skills and Abilities


•    Advanced analytical and problem solving skills.
•    Strong interpersonal skills.
•    Strong working knowledge of networking, routing, protocols, ports and services.
•    Working knowledge of System Information Event Monitoring (SIEM), Intrusion Detection and Prevention System (IDS/IPS), vulnerability scanning tools, encryption capabilities, Network Access Controls (NAC), Data Loss Prevention (DLP), NMAP, Vulnerability scanners, Wireshark, and other security related tools
•    Working knowledge of Linux and Microsoft Windows Active Directory, Windows operating systems and server / endpoint skills and experience. 
•    Demonstrated experience in conducting security assessments. 
•    Demonstrated experience in investigating security issues related to Internet, server, desktop, laptop, tablet and other mobile device security issues; OS patching, hardening and anti-virus. 
•    Understanding of data network configuration and infrastructure concepts, including TCP/IP, DNS, routers, firewalls, web servers and security hierarchy including the application of encryption key infrastructures and authentication processes. 
•    Knowledge of cloud security concepts (Azure / AWS).
•    Programming logic concepts, scripting experience (Powershell, Python, Bash) a plus. 
•    Excellent oral and written communication skills.
•    Ability to follow established processes and guidelines for Change Management, Release Management, Problem and Incident management.
•    Team player with strong organizational skills, a positive attitude and customer service orientation.
•    Innovative thinker who is able to see the big picture while remaining attentive to the details.
•    Experience with MS productivity tools (Word, Excel, PowerPoint, Visio).

Education and Experience


•    A minimum four years of experience in Information Security. Previous general IT systems and networking background strongly preferred. 
•    SANS/GIAC, CompTIA, ISC2, Cisco, Microsoft, Offensive Security or similar certifications preferred.


Working conditions:


•    Normal office environment
•    May require travel 
•    May require on-call responsibilities
•    Must be in driving distance to the Pennsylvania offices (Valley Forge, Denver and Wyomissing)
•    Must have a conducive work from home environment in order to be productive 


AmeriGas is an Equal Opportunity and Affirmative Action Employer.  The Company does not discriminate on the basis of race, color, sex, national origin, disability, age, gender identity, sexual orientation, veteran status, or any other legally protected class in its practices.


AmeriGas is a Drug Free Workplace. Candidates must be willing to submit to a pre-employment drug screen and a criminal background check. Successful applicants shall be required to pass a pre-employment drug screen as a condition of employment, and if hired, shall be subject to substance abuse testing in accordance with AmeriGas policies. As a federal contractor that engages in safety-sensitive work, AmeriGas cannot permit employees in certain positions to use medical marijuana, even if prescribed by an authorized physician.  Similarly, applicants for such positions who are actively using medical marijuana may be denied hire on that basis.

Nearest Major Market: Philadelphia

Job Segment: Cyber Security, DBA, Cloud, Testing, Behavioral Health, Security, Technology, Healthcare