Participate in building and maintaining security solutions for the organization. Responsible for executing the company's Computer Security Incident Response Team (CSIRT) function. This involves event monitoring and incident response, including the use of security capabilities to aid in event categorization, triage, communication, and effective incident response cycles.
- Assist with the strategy for the Vulnerability Management Program.
- Help prioritize resources and protections according to their classification, criticality, and business value.
- Assist with security risk management process.
- Manage the corporate antivirus program to ensure the antivirus solution is running and updated on all hosts.
- Perform tabletop testing for Incident Response/CSIRT testing and planning.
- Assist with running the Vulnerability Management Program, to include coordination, organization, and execution.
- Ensure systems are configured according to the principles of least privilege and least functionality.
- Ensure data is adequately protected (at rest and in transit).
- Work with IT partners to ensure all backups are conducted, maintained, and tested for failures and accuracy.
- Assist with Security Awareness training.
- Help develop protections against data leaks.
- Monitor the Security Information and Event Management (SIEM) platform.
- Monitor Automated Malware Analysis / Breach Detection System.
- Monitor Antivirus System.
- Monitor Secure Web Gateway.
- Utilize company capability to analyze network flows for security anomalies.
- 24/7/365 responsibility for monitoring security events and incidents (in coordination with the Network Operations Center (NOC)).
Respond & Recover
- Perform and coordinate CSIRT (IR) process for all potential security events and incidents.
- Ensure the CSIRT process is followed accurately and that event/incident reports are generated as needed, working with the NOC and other applicable groups.
- Perform and communicate a lessons-learned assessment after all major security incidents.
- U.S. Citizenship required
- 3-5 years of relevant professional experience
- Bachelor's degree in Information Technology, Security, Engineering, or a related field
- Linux administration experience, preferably Ubuntu and CentOS, with expert knowledge of the Linux Command Line Interface
- OSX and Windows expertise
- Knowledge of implementing and maintaining SIEM / logging solutions
- Incident Response and Forensics experience
- Experience with top-tier Breach Detection / Automated Malware Analysis Systems
- Heavy experience with Intrusion Detection Sensor configuration and deployment
- Experience with Vulnerability Assessment and Management Tools
- Solid networking experience – BGP, routing, NAT, subnetting, CIDR, and VLANs
- Experience monitoring cloud environments (AWS, Azure, etc.)
- VMware/Virtualization experience a plus
- Penetration testing experience a plus
- Data Loss Prevention (DLP) experience a plus
- Industry-recognized certification preferred (CISSP, CISM, SSCP, GIAC, CEH, Security+, etc.)
- Splunk experience strongly desired