M&T Bank Cybersecurity SIEM/QRadar Defense Specialist Millsboro DE or Buffalo, NY
Basic Function: Cyber Defense Analyst - Uses defensive measures and information collected from a variety of sources to identify, analyze and report events that occur or might occur within the network in order to protect information, information systems and networks from threats.
Responsibilities: Coordinate and provide expert technical support to enterprise-wide cyber defense analysts to resolve cyber defense incidents.
Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable).
Perform cyber defense incident triage, to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation.
Create, edit and manage network access control lists on specialized cyber defense systems (e.g., firewalls and intrusion prevention systems).
Design, develop, integrate and update system security measures that provide confidentiality, integrity, availability, authentication and non-repudiation.
Provide advice/assistance to operations and intelligence decision makers with reassignment of collection assets and resources in response to dynamic operational situations.
Provide input and assist in the development of plans and guidance.
Provide subject matter expertise in course of action development.
Track status of information requests, including those processed as collection requests and production requirements, using established procedures.
Work closely with planners, intelligence analysts and collection managers to ensure intelligence requirements and collection plans are accurate and up-to-date.
Provide timely detection, identification and alerting of possible attacks/intrusions, anomalous activities and misuse activities, and distinguish these incidents and events from benign activities.
Examine network topologies to understand data flows through the network.
Recommend computing environment vulnerability corrections.
Identify and analyze anomalies in network traffic using metadata (e.g., CENTAUR).
Conduct research, analysis and correlation across a wide variety of all source data sets (indications and warnings).
Collect and analyze intrusion artifacts (e.g., source code, malware and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
Conduct analysis of log files, evidence and other information in order to determine best methods for identifying the perpetrator(s) of a network intrusion or other crimes.
Analyze incident data for emerging trends.
Knowledge of: Complex data structures
Key concepts in security management (e.g., Release Management, Patch Management)
Security system design tools, methods and techniques; sustainment technologies, processes and strategies
Test and evaluation processes; the acquisition/procurement life cycle process
Network analysis tools used to identify software communications vulnerabilities
Program protection planning, to include information technology (IT) supply chain security/risk management policies, anti-tampering techniques and requirements
Current and emerging data encryption (e.g., Column and Tablespace Encryption, file and disk encryption) security features in databases, including built-in cryptographic key management features
Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications; cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored and nation sponsored)
Analytic tools and techniques; organizational and partner authorities, responsibilities, and contributions to achieving objectives
Organizational and partner policies, tools, capabilities and procedures
Organizational hierarchy and cyber decision making processes
Data flow from collection origin to repositories and tools; organization's planning, operations and targeting cycles; organizational plans/directives/guidance that describe objectives
Role of network operations in supporting and facilitating other organization operations
Organization planning and staffing process
Who the organization's operational planners are, how and where they can be contacted, and what their expectations are
Skills: Skill in developing operations-based testing scenarios
Evaluating the adequacy of security designs; implementing, maintaining and improving established network security practices
Determining how a security system should work and how changes in conditions, operations, or the environment will affect these outcomes
Installing system and component upgrades
Using security event correlation tools
Using code analysis tools
Configuring and utilizing computer protection components (e.g., hardware firewalls, servers, routers, as appropriate)
Performing root cause analysis
Analyzing a target's communication networks
Analyzing language processing tools to provide feedback to enhance tool development
Analyzing traffic to identify network devices; applying crisis planning procedures
Auditing firewalls, perimeters, routers and intrusion detection systems
Conducting social network analysis, buddy list analysis and/or cookie analysis
Determining the effect of various router and firewall configurations on traffic patterns and network performance in both LAN and WAN environments
Developing and executing comprehensive cyber operations assessment programs for assessing and validating operational performance characteristics
Developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists
Information prioritization as it relates to operations: articulating a needs statement/requirement; integrating new and emerging collection capabilities, accesses and/or processes into collection operations; creating and maintaining up-to-date planning documents and tracking of services/production
Network systems management principles, models, methods (e.g., end-to-end systems performance monitoring) and tools
Extracting information from packet captures
Identifying a target's network characteristics
10 years of experience in two or more of these Cybersecurity domains: security and risk management; asset security; security engineering; communication and network security; identity and access management; security testing; and security operations.
Direct hands-on experience in security incident and event management (SIEM) platforms (e.g., ArcSight, QRadar, Splunk).
12 years of experience in two or more of these Cybersecurity domains: security and risk management; asset security; security engineering; communication and network security; identity and access management; security testing; and security operations.
Direct hands-on experience with the IBM QRadar SIEM platform
Five years of involvement in systems analysis and application development.
Detailed knowledge of the Bank's application framework.
Proficiency in programming languages, particularly scripting languages (e.g., Python).