System Security Analyst

System Security Engineer I

Hybrid

SIG SAUER, Inc. is a leading provider and manufacturer of firearms, electro-optics, ammunition, air guns, suppressors, remote controlled weapons stations, and training. For over 250 years SIG SAUER, Inc. has evolved, and thrived, by blending American ingenuity, German engineering, and Swiss precision. Today, SIG SAUER is synonymous with industry-leading quality and innovation which has made it the brand of choice amongst the U.S. Military, the global defense community, law enforcement, competitive shooters, hunters, and responsible citizens. Additionally, SIG SAUER is the premier provider of elite firearms instruction and tactical training at the SIG SAUER Academy. Headquartered in Newington, New Hampshire, SIG SAUER has over 3,200 employees across twelve locations in three states and is a certified Great Place to Work. For more information about the company and product line visit: sigsauer.com.

Position Summary:

The System Security Engineer I will be part of the Information Security Department that is responsible for securing the confidentiality, integrity, and availability of SIG SAUER's information and systems. The System Security Engineer I will assist in monitoring and maintaining SIG SAUER's information security tool stack, which includes Domain Name System (DNS) monitoring, Data Loss Prevention (DLP), spam/anti-phishing detection software, vulnerability scanners, and anti-virus (AV) systems. Additionally, the analyst will work closely with third-party security providers (e.g., Security Information and Event Management (SIEM), Managed Data Detection & Response (MDDR)). The System Security Engineer I will be responsible for triaging alerts generated by the information security tool stack and work with SIG SAUER's IT team and third-party providers to remediate such alerts when applicable. Additionally, during a cyber incident, the System Security Engineer I will serve as a member of the Security Operations team, fulfilling the role of the Incident Scribe as enumerated in SIG SAUER's Cyber Incident Response Plan (CIRP). Finally, the System Security Engineer will monitor SIG's ticketing system for requests from internal SIG users, such as email investigations and access requests.

This position reports to the Senior System Security Engineer, who supports the Director of Information Security in defining and advancing the Information Security Team's strategic goals. The Director, who reports to the Chief Strategy and Digital Officer, sets and oversees the Information Security Team's initiatives, ensuring they align with the broader objectives of the SIG organization.

FLSA: Exempt

Job Duties and Responsibilities:

• Assist in the configuration and management of security tools and technologies
• Monitor and triage alerts from SIG SAUER's security stack (e.g., SIEM, DLP, and AV).
• Work with SIG's MSSPs to tune and enhance SIEM and DLP solutions
• Monitor SIG SAUER's spam filters and provide recommendations on protective actions
• Analyze, investigate, report, and remediate cyber threats
• Conduct vulnerability scans, report findings and recommendations to senior team members
• Work with IT teams (e.g., Applications, Infrastructure, Networking) to remediate vulnerabilities
• Monitor SIG's internal ticketing system and respond to internal customer requests
• Conduct user account audits and correct discrepancies
• Serve as a member of the "Security Operations Team" and "Incident Scribe" during a cyber incident
• Assist senior team members in meeting organizational needs and completing other duties as assigned

Education/Experience & Skills:

• Bachelor's degree in cyber security, computer science or a related discipline
• 1-3 years of experience in a cyber or information security role
• Hands-on experience with security monitoring and incident response
• Industry certification such as CompTIA Security+ or CySA+ preferred
• Experience with Microsoft Intune preferred
• Understanding of SIEM, DLP, spam filters and anti-virus tools
• Experience running vulnerability scans and processing results
• Understanding of security control frameworks and compliance standards (e.g., NIST)
• Understanding of operating systems such as Microsoft and Linux
• Ability to quickly adapt and change priorities as business needs change
• Must be detailed and results-oriented
• Ability to clearly express ideas and information to senior team members

Working Conditions:

• Prolonged periods of sitting at a desk and working at a computer using a keyboard and mouse performing repetitive task.
• Ability to open file cabinets, reach with hands and arms, bend, and twist, lift and move files.
• Ability to lift up to 25 pounds.
• Must wear required Personal Protective Equipment (PPE) where required.
• Must comply with all work exposure EH&S training requirements and adhere to SIG SAUER Inc. Security Mandates.

SIG SAUER, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.