The ICE Cybersecurity Architecture team is responsible for global Cybersecurity engineering and architecture in a highly-regulated critical financial infrastructure environment.
- Security Analytics - Designs and maintains security data flow from network endpoints through aggregation, retention, parsing, SIEM correlation and datalake mining
- Behavioral Analysis - Identifies and implements tools to baseline activity and alert or limit suspicious activity and insider threat among networks, databases, data and users
- Intrusion Detection and Prevention - Maintains commercial and open source wired and wireless infrastructure, tweaking rules to limit false positives and keep up with new threats while producing actionable data. Designs and manages Web Application Firewall (WAF) logic and rule sets
- Content Filtering and Advanced Threat Protection - Designs and adjusts egress content filtering, and advanced network and endpoint-based malware prevention and detection controls
- Software Engineering - Builds custom tools that automate SOC triage and response activities, covering phishing, lateral movement, system monitoring and security workflow
- Visualization - Identifies new solutions and enhances existing open source and bespoke visualization toolsets to identify trends, compress event triage, understand data flows, identify anomalies and automate reporting and analysis
Knowledge and Experience
- Bachelor's in Engineering, MIS, CIS or related discipline
- Hands-on experience with Systems Administration and/or IP Networking
- Experience supporting an advanced software development organization
- Experience in an exchange, trading facility or financial services
Specific Technologies: Data collection, normalization, indexing, correlation, and visualization. Packet capture, protocol identification, and analysis. Network, application, and log-based behavioral detection tools. DNS and application-level content-filtering. SMTP content, header, and attachment detection, filtering, and analysis. Network and WAF configuration, tuning, and optimization. Scripting, regular expressions, string-parsing, light SDLC, and project management.