JOB DESCRIPTION:

• Participate in the administration of security implementations (EPP/EDR, IPS/IDS, SIEM, etc.)
• Support the ongoing administration, design and use of the Security Information & Event Monitoring platform, ensuring audit trails, system logs and other monitoring data is reviewed and actionable.
• Support the ongoing administration, design and user of network segmentation tools and underlying concepts.
• Perform vulnerability assessments and reviews; facilitating remediation planning, exposure tracking, communicating risk, and reporting on mitigation status
• Lead the development of security control assessments for common platforms and the implementation of findings from said assessments
• Facilitate Incident Response activities as a Subject Matter Expert through the Incident Response life-cycle
• Provides security architecture knowledge and design concepts to Information Technology and Development teams.
• Apply or recommend adaptive security measures based on investigative findings and threat monitoring
• Participate in and coordinates application security reviews, working with third party assessors and application owners to identify and remediate findings
• Performs second level investigation into user reported threats such as phishing, machine compromise, advanced threats, etc.
• Advise management on best practices, current trends, and pertinent changes in internal/external threats and opportunities for improvement. Presents action plans for implementation and approval
• Perform threat hunting based on Tactics, Techniques and Procedures (TTPs) and threat reporting from information sharing organizations (US-CERT, FS-ISAC, etc.)
• Provide technical expertise to support vendor and project reviews.
• Performs all other duties and special projects as assigned.

PREFERRED TECHNOLOGY EXPERIENCE:

• Experience with network segmentation tools like Illumio, Guardicore, Zscaler ZWS, Cisco Tetration/ACI
• Significant Experience with SIEM technologies: Elasticsearch, Winlogbeat, Logstash, LogRhythm, Sigma
• Behavioral Endpoint Protection solutions: Cylance, SentinelOne, Crowdstrike
• Vulnerability Assessment services: Nexpose/InsightVM, Nessus, Qualys
• Network Detection Tools: Bro (Zeke), Suricata, Security Onion, etc.
• Firewall Technologies: Cisco ASA, Cisco Firepower, Palo Alto
• Familiar with any of Bash, Python, PowerShell

RELEVANT WORK EXPERIENCE:

• 5-7 years of combined Information Security and Technical Administration Experience.
• Experience with infrastructure and application security controls. This includes both designing and assessing security controls.
• Experience with Microsoft Azure, AWS, GCP or other cloud platforms a plus.
• Substantial experience with common information security management frameworks, MITRE ATT&CK, OWASP, CIS, International Standards Organization (ISO) 27001 and IT Infrastructure Library (ITIL).
• Substantial and advanced experience with security information and event management (SIEM) systems
• Substantial experience with IDS/IPS and other network security platforms
• Breadth and depth of technical and or functional expertise in security operations and other related areas within information technology departments such as Infrastructure, Engineering, Networking or Development
  Compensation: $125,000.00+
  

  LI-BS1

Please refer the Job description for details