Job Description

1.0        Description of Assignment

The candidate will defend against cybersecurity incidents and identify, analyze, communicate and contain incidents as they occur.

2.0        Skills and Certifications

Mandatory Skills/Certifications

• BS or MA in computer science, information security, cybersecurity or a related field
• 3+ years of experience in IT audit, enterprise risk management, penetration tester, red team/incident responder, or as a junior security operations analyst.
• 3+ years of experience with regulatory compliance and information security management frameworks (such as International Organization for Standardization [IS0] 27000, COBIT, National Institute of Standards and Technology [NIST] 800)
• Certificates such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)

Other Skills/Certifications

• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• An ability to effectively influence others to modify their opinions, plans or behaviors
• An understanding of organizational mission, values, goals and consistent application of this knowledge
• Strong problem-solving and troubleshooting skills

3.0        Assignment Duties

1. Conduct network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls and host-based security systems
2. Conduct log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources
3. Deploy cloud-centric detection to detect threats related to cloud environments and services used by the organization
4. Correlate activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity
5. Review alerts and data from sensors, and documents formal, technical incident reports
6. Work with threat intelligence and/or threat-hunting teams
7. Provide network subscribers with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
8. Support the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results and making changes necessary to address deficiencies
9. Work with security information and event management (SIEM) to manage/tune the system, create/manage the detection content and actively watch for alerts
10. Correlate network, cloud and endpoint activity across environments to identify attacks and unauthorized use
11. Research emerging threats and vulnerabilities to aid in the identification of incidents
12. Provide users with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
13. Perform security standards testing against computers before implementation to ensure security

4.0        Deliverables

Deliverables include:

1. Identifying, deploying, configuring, and managing security infrastructure.
2. Addressing Support Tickets