Detect, respond to, contain, eradicate and recover from cyber security events and incidents in order to allow for a secure, robust, and reliable environment.
DUTIES AND RESPONSIBILITIES
Administers security controls and software such as antivirus, anti-spam, intrusion detection/prevention (IDS/IPS), security information and event management (SIEM), endpoint detection and response (EDR), forensic response and vulnerability management solutions.
Monitors and analyzes network, system and application logs using SIEM toolsets, IDS/IPS, EDR, etc. This includes responding to and investigating alerts, developing new security monitoring use cases (detection rules and correlation searches) and following through on issues and risk mitigation.
Analyzes cybersecurity event data and information sources for attack indicators and works to provide detections, corrections, and the implementation of countermeasures to ensure protection of enterprise assets.
Responds to, investigates, and analyzes events to determine actions to be taken, including ensuring the proper protections or corrective actions.
Analyzes business impact and exposure based on emerging security trends, vulnerabilities, and risk. Communicates security risks and solutions to business and IT staff as needed.
Improves security efficiency and streamlines/automates work processes while working collaboratively with other team members and IT staff to accomplish objectives.
Evaluates the implementation of new systems and/or network protections based on overall risk, security best practices, and corporate standards.
Maintains situational awareness of the latest cyber threats and enacts additional protections and detection capabilities where necessary.
Supports overall cyber security capabilities, including monitoring, forensic response, threat management and system support of security operations toolsets. This includes advanced investigations, proactive monitoring, malware analysis, tracking of campaigns and threat actors, optimization and tuning of threat cases, log maintenance, etc.
Contributes to the development and maintenance of information security strategy and architecture.
Education and Experience
Bachelor's degree or Associate's degree with equivalent experience.
Five to ten years of experience in a security field, including experience with current industry security best practices within the last three years.
Industry certifications or training in cyber security or incident management, such as Certified Information Systems Security Professional (CISSP), CompTIA Security+, etc.
Knowledge and Skills
Knowledge of and experience with multiple technologies such as SIEM, patch and vulnerability management, EDR, identity management, antivirus and anti-spam solutions, etc.
Advanced working knowledge of threat analysis, threat mitigation strategies, and security best practices.
Skilled in operating system internals and malware reverse engineering.
Advanced capabilities in threat hunting, log correlation and analysis.
Knowledge of and experience with threat intelligence communities and how to effectively leverage content.
Keen understanding of the Cyber Kill Chain and the ability to implement applicable protections and detections.
Experience automating cyber security tools, techniques and processes (for example, alert triage and response workflows).
Ability to advise and influence IT system architects, technical project teams, and the business relative to controls necessary to mitigate risk while aligning with corporate standards.
Demonstrated ability to learn new technologies with minimal support and guidance.
Independent thinker; must be able to prioritize work and plan future activities.
Working knowledge of NERC CIP and the security of industrial control systems (ICS) is a plus.
Strong analytical and problem-solving skills to enable effective security incident and problem resolution.
Advanced skills in analyzing data, recognizing unanswered questions, and seeking out answers until a thorough understanding of the security risk, operational needs and/or limitations is reached.
Advanced ability to interact, communicate, document, and consult with various levels of management throughout the organization including the Security team, other Information Technology staff, and business units.
In-depth technical knowledge in implementing data protection and integrity, operating systems and network security, authentication, and security protocols.
Able to work within both documented and undocumented processes and to improve those processes.
Strong written and oral communication skills with the ability to interact effectively at all levels of responsibility and authority.