This position is a key contributor supporting the organization as a member of the Architecture, Engineering, and Incident Response group within Information Security. The role is a subject matter expert in network and infrastructure security. This position is a hands-on engineering role with technical management responsibilities as needed.
- Mitigates the organization's exposure to cybersecurity attacks through the engineering, installation, and management of a Security Information and Event Management (SIEM) system.
- Monitors systems and networks for security breaches and intrusions, using the SIEM system to audit and maintain security controls and ensure compliance with regulatory policies. Identifies weaknesses and recommends enhancements to existing monitoring and security operations.
- Participates in the deployment and operation of information security systems, including integration, testing, troubleshooting, and updating/upgrading of various security tools and appliances.
- Develops signatures for Indicators of Attack (IoA) and Indicators of Compromise (IoC) to enhance the capabilities of existing technical controls or the cleanup required for affected systems.
- Participates in full stack risk assessments including architecture, implementation, integration, and user related risk vectors.
- Bachelor’s degree in Computer Science or related field
- Certified Information Security Systems Professional (CISSP) required (or ability & commitment to obtain within 2 years).
- Master’s degree
- Certified Information Security Manager (CISM) certification, Certified Information Systems Auditor (CISA) certification, or SANS/GIAC (Global Information Assurance Certification) (multiple disciplines apply)
- Minimum of 8 years of experience in information technology network services and security
- Experience utilizing, tuning, maintaining, and extending commercial SIEM solutions
- Well versed in the open systems interconnection (OSI) model with proven expertise and subject matter ownership of layers 1-4.
- Experience creating and analyzing NetFlow, packet capture (PCAP), and other packet data formats, and identifying the root cause (patient zero) source, propagation routes, vectors, and mechanisms from PCAP data in order to contain an ongoing issue or quantify the resulting damage.
- Proficient in attribute disambiguation, context, and event timeline creation using standard open source and commercial tools.
- Ability to enhance the efficacy of technical controls (AV, APT, FW, etc.) through the use of STIX, TAXII, and CybOX intelligence sharing mechanisms.
- Working competency in standard scripting languages such as Python, Perl, Go, etc.
- Experience working with large data sets using standard tools and methodologies and with data visualization applications and tools such as DAVIX and Tableau.
- Expertise presenting data and resulting analysis in a clear and concise manner to technical, business, and legal audiences.
- Demonstrated effective verbal and written communication skills.
- Experience with open source platforms such as Elasticsearch
- Experience with YARA