Senior-level, highly technical position supporting Information Security and Cyber Threat Management programs. This specialized expert handles and directs complex and multifaceted information security investigations. The role will significantly contribute to the security of BB&T's network.
Essential Duties and Responsibilities:
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Lead cyber investigations for escalated, complex computer security incidents using computer forensics, network forensics, root cause analysis and malware analysis.
2. Develop tactical and strategic cyber intelligence by acquiring threat intelligence and technical indicators from external and internal sources.
3. Engage in threat hunting activities to proactively search for threats in the enterprise environment.
4. Create and maintain use cases for recurring investigation/incident triggers in support of the 24/7 Cyber Threat Operations and Cyber Threat Management program.
5. Create and maintain playbooks used in response for investigation/incident triggers in support of 24/7 Cyber Threat Operations and Cyber Threat Management program.
6. Guide security strategy through interaction with, and direction to when necessary, other teams in Information Security (e.g. network operations, Cyber Threat Operations Center (CTOC), vulnerability management) along with information and liability risk officers and technology management.
7. Aid team members for enhancement and enrichment of security monitoring tools with contextual information.
8. Identify new threat tactics, techniques and procedures used by cyber threat actors.
9. Publish actionable threat intelligence for business and technology management.
10. Deliver expert cyber intelligence services and material to information technology and business leaders.
11. Prepare appropriate threat intelligence content for customer and executive presentations.
12. Provide mentoring for junior level analysts and specialists.
13. Adhere to all policies and standards, as well as regulatory requirements regarding reporting and escalations.
Required Skills and Competencies:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Bachelor’s degree in Computer Science or related field, or equivalent education and related training
2. Broad knowledge of general IT with mastery of two or more of the following areas: operating systems, networking, computer programming, web development or database administration
3. Demonstrated advanced knowledge of cybersecurity operations with mastery of two or more of the following: attack surface management, Security Operations Center (SOC) operations, Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), Security Information and Event Management (SIEM) use, threats (including Advanced Persistent Threat (APT) and insider threats), vulnerabilities and exploits; incident response, investigations and remediation
4. Demonstrated experience with systems for automated threat intelligence sharing using industry standard protocols such as Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indication Information (TAXII)
5. Advanced knowledge of processes, procedures and methods to research, analyze, and disseminate threat intelligence information
6. Ongoing passion for learning about information security through self-education
7. Ability to formulate, lead and persuade individuals, large teams and communities on ideas, concepts, and opportunities
8. Consistent history of delivering on commitments
9. Critical thinking and problem solving skills
10. Knowledge of the incident handling procedures and intrusion analysis models
11. Ability to work independently with limited supervision
12. Proven communication skills, both written and verbal, to both business and technology audiences
13. Demonstrated proficiency in basic computer applications, such as Microsoft Office software products
14. Ability to travel, occasionally overnight
- Linux (user or Sys Admin)
- Virtualization technologies (VMware, VirtualBox, etc.)
- Scripting/Programming/Automation experience (Python, Perl, etc.)
- Log parsing experience
- Splunk/Splunk ES experience (writing basic and/or complex queries)
- Experience as an Incident Responder (CSIRT/SOC Analyst/Intel Analyst/Forensics)
- Experience with open source security tool sets (e.g. Snort, Bro, Cuckoo, Moloch, Suricata, etc.)
- Experience with Malware Sandbox technologies
1. Ten years of experience
2. Industry certifications in general technology (e.g. Microsoft Certified Professional (MCP), Microsoft Certified Solutions Expert (MCSE), Network+)
3. Industry certifications in cybersecurity and forensics, such as Certified Information Systems Security Professional (CISSP), Certified Forensic Computer Examiner (CFCE), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH) and other related credentials
4. Industry certifications in networking, such as Cisco Certified Network Associate (CCNA), Certified Wireless Network Administrator (CWNA) and/or Net+
5. Experience in the Intelligence Community (IC)
6. Demonstrated leadership skills