Job Description
Contract term: 3 year contract
Work model: Hybrid, least 2 days a week near Union Station; 7 hour days
1.0 Description of Assignment
The candidate will defend against cybersecurity incidents and identify, analyze, communicate and contain incidents as they occur.
2.0 Skills and Certifications
Mandatory Skills/Certifications
- BS or MA in computer science, information security, cybersecurity or a related field
- 3+ years of experience in IT audit, enterprise risk management, penetration tester, red team/incident responder, or as a junior security operations analyst.
- 3+ years of experience with regulatory compliance and information security management frameworks (such as International Organization for Standardization [IS0] 27000, COBIT, National Institute of Standards and Technology [NIST] 800)
- Certificates such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)
Other Skills/Certifications
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- An ability to effectively influence others to modify their opinions, plans or behaviors
- An understanding of organizational mission, values, goals and consistent application of this knowledge
- Strong problem-solving and troubleshooting skills
3.0 Assignment Duties
- Conduct network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls and host-based security systems
- Conduct log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources
- Deploy cloud-centric detection to detect threats related to cloud environments and services used by the organization
- Correlate activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity
- Review alerts and data from sensors, and documents formal, technical incident reports
- Work with threat intelligence and/or threat-hunting teams
- Provide network subscribers with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
- Support the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results and making changes necessary to address deficiencies
- Work with security information and event management (SIEM) to manage/tune the system, create/manage the detection content and actively watch for alerts
- Correlate network, cloud and endpoint activity across environments to identify attacks and unauthorized use
- Research emerging threats and vulnerabilities to aid in the identification of incidents
- Provide users with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
- Perform security standards testing against computers before implementation to ensure security
4.0 Deliverables
Deliverables include:
- Identifying, deploying, configuring, and managing security infrastructure.
- Addressing Support Tickets