Cyber Security Specialist
What you'll do:
- Perform event and incident triage, threat hunting, and incident response (to include basic malware analysis and forensic investigations).
- Act as a Security Orchestration, Automation and Response (SOAR) specialist who can combine comprehensive data gathering, case management, standardization, workflow, and analytics to implement sophisticated defense-in-depth capabilities.
- Use industry-leading commercial and open source software to detect, evaluate, triage, prioritize, and respond to security events.
- Educate employees about the dangers of phishing by launching educational mock-phishing campaigns.
- Develop, maintain, and enforce security operations policies, standards, and processes (run books), seeking continuous improvement and driving efficiency.
- Manage cross-department collaboration and communication to ensure appropriate security processes, procedures and tools are installed, monitored, and effectively operating and alerting.
- Be an escalation point for cyber security incidents.
- Participate in on-call rotation.
- Serve as a Subject Matter Expert (SME). Provide expertise and understanding of all aspects of the Security Operations landscape, working with senior leadership to mold, shape, and expand the security operations footprint.
- Support vulnerability management and penetration tests.
- Provide guidance and support to the development of corporate information security policies, standards, and guidelines.
- Communicate with resource owners and end users to increase their awareness of security threats, protections, and applicable security policies and standards.
- Maintain a regular and predictable work schedule.
- Establish and maintain effective working relationships within the department, the Strategic Business Units, Strategic Support Units and the Company. Interact appropriately with others in order to maintain a positive and productive work environment.
- Perform other duties as necessary.
What you'll need:
- BS degree in Information Technology or a related technical field plus 5 or more years related experience.
- Each higher-level degree, i.e., Master's Degree or Ph.D., may substitute for two years of experience. Related technical experience may be considered in lieu of education. Degree must be from a university, college, or school which is accredited by an agency recognized by the US Secretary of Education, US Department of Education.
- Security professional with 3-5 years of hands-on deep technical experience in the industry.
- Security analysis, threat hunting, forensics, flow analysis, and log management experience.
- IDS/IPS management, PCAP carving, file extraction, and long tail analysis experience.
- Strong understanding of attacker tactics, techniques, and procedures.
- Excellent written and verbal communication skills.
- Strong understanding of endpoint and network security.
- Strong understanding of SIEM technology and network forensics.
- Experience with or knowledge of vulnerability management and penetration testing of systems, applications, and networks.
- Preferred Security Certifications (but not required):
  - GREM (highly preferred), OSCE, OSCP, GMON, GCED, GCIA, GCIH, GSEC, CISSP, etc.
- General understanding of industry standards, compliance, and legal guidelines:
  - ISO 27001, NIST 800-53, SOC 2, SSAE 16, SOX, HIPAA, CIS Top 20 Critical Controls, etc.
- Ability to work well under minimal supervision.
- Strong team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including vendors and IT and business personnel.
- Must be eligible to obtain a national security clearance/access.
- Work is performed in an office environment, laboratory, cleanroom, or production floor.
- Travel and local commute between Ball campuses and other possible non-Ball locations may be required.
The successful applicant for this position must be eligible to obtain a DoD clearance or government customer access to classified/sensitive material. A current DoD clearance is not required to be eligible for this position; however, the successful applicant will be required to obtain a DoD clearance or government customer access within a reasonable time after the offer is extended and must be able to maintain the applicable clearance. US Citizenship is Required. By applying to this position you are agreeing to complete a National Security Clearance Pre-Screen Questionnaire, if one is required, to evaluate your general ability to obtain the required security clearance or government customer access associated with this position.