Senior Cyber Security Specialist
Posted: October 11, 2016
Reference ID: 00001FRM
Individuals within the Information Security Office plan, execute, and manage multi-faceted projects related to cyber security to detect, prevent and respond to threats that is affecting the company. Individual should have a mindset of a defender and should be able to operate in a fast paced environment working closely with our infrastructure team which includes Network, Firewall, Server and application teams.
They are focused on developing and driving security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization. These individuals provide expertise and assistance to ensure the company's infrastructure and information assets are protected.
Individuals develop security policies and procedures such as security breach escalation procedures, incident response plan and exercises, security assessment procedures, use of firewalls and encryption routines, customizing threat feeds, work with security operation center, monitor and analyze threat and vulnerabilities, deploy solutions to protect network, email and endpoint devices
These professionals work directly with the customers, third parties and other internal departments and organizations to facilitate information security management processes and to identify vulnerable areas. They also communicate and educate IT and the business about security policies and industry standards, and provide solutions for enterprise/business security issues.
LOCATION : Frisco, TX or Chesterbrook, PA 19087 (remote not available)
PRIMARY DUTIES AND RESPONSIBILITIES:
Qualifications: EXPERIENCE AND EDUCATIONAL REQUIREMENTS:
- Monitors networks for signs of adversarial activity as a key member of the Cybersecurity Command Center
- Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event intelligence and summary information
- Detects the full spectrum of known cyber-attacks (e.g., DDoS, malware, phishing, ransomware & others) along with any security and compliance violations
- Provides Tier III technical expertise on post event security intelligence and trend analysis
- Guide, mature and work with the security operations team to build a top of the line security command center
- Performs user and entity behavior analytics to develop predictive cybersecurity capabilities
- Responds to alerts from various monitoring systems and platforms to address potentially malicious events in a timely manner
- Independently leads computer incident investigations, determining the cause of the security incident and preserving evidence for potential legal action
- Routinely develops and updates incident response playbooks to ensure response activities align with best practices, minimize gaps in response and provide comprehensive mitigation of threats
- Provides other services as a key member of the Cybersecurity team:
- Security review of changes to networks, servers and end point devices in collaboration with infrastructure operations
- Security review of encryption policies, sensor policies for IDS/IPS, Firewalls, web security gateway, logging
- Cloud and IoT security strategy and planning
- Configuration monitoring.
- Investigations and Forensics
- Proposes additional components and techniques that could be used to proactively detect and prevent malicious activity.
- Manages day-to-day relationship with security and infrastructure services partners
- Conducts research of emerging security threats.
- Develops security solutions for critical and/or highly complex assignments.
- Leads multiple projects or programs.
- Develops remediation strategies and risk responses associated with the protection of infrastructure and information assets.
- Mentors less-experienced team members.
MINIMUM SKILLS, KNOWLEDGE AND ABILITY REQUIREMENTS:
- Bachelor's Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
- Typically requires 7-10 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and over 5 years' experience designing and deploying security solutions at the enterprise level.
- Requires Security Certification(s) (i.e., Certified Information Systems Security Professional (CISSP), or Certified Information Security Manage (CISM).
- Ability to work effectively on a day-to-day basis with key security partners
- Experience developing security and analysis tools using Python, Bash, JSON (jq), and other technologies
- Experience with SIEM platforms, including integration, alerting, and automation development
- Experience with visualization platforms and technologies as they apply to threat intelligence analysis
- Experience applying structured analytical methodologies to threat monitoring and intelligence analysis, e.g. Cyber Kill Chain
- Experience with Network protocols and packet analysis tools
- Must know SSL/TLS, HTTP, DNS, SMTP, IPsec, PKI, proxies, TCP/IP, VM, Wireless, VPN
- Solid understanding of cloud based critical infrastructure systems security threats
- Deep experience with cyber security in the domains of cyber threat intelligence and analysis, security monitoring and Incident Response
- Familiarity with latest security vulnerabilities, advisories, incidents, penetration techniques, attack vectors, and countermeasures.
- Detailed experience of network and system vulnerabilities, malware, networking protocols, multi-tiered applications and attack methods to exploit vulnerabilities.
- Experience in a technical security role, including network security, operating system security, Internet or Web security, Data Loss Prevention (DLP), anti-malware, IDS/IPS, and penetration and vulnerability testing
- Maintain a basic knowledge of working with Hadoop
- Good analytical and problem solving skills
- Ability to communicate effectively both orally and in writing
- Good interpersonal skills
- Ability to prioritize work load and consistently meet deadlines
- Strong organizational skills; attention to detail
- Ability to lead and provide direction to project teams
- Strong consultative skills; ability to interface effectively with technical and non-technical leaders.
- Understands Information Security as it relates to the business and other areas of IT; understands direct impacts and risks.
- Demonstrated sound understanding of at least 3 of the following standards such as ISO 27001/27002, COBIT, ITIL, NIST and PCI
- Certification in at least 2 Information Security relevant areas such as Audit (CISA), Security Management (CISM), Security Professional (CISSP) and business experience in a matrix Organization required
- Directly applicable International / Global Experience required