Engineer – Cyber Security Operations – IR

Company: Cardinal Health
Location: United States
Salary: $93,500 – $140,280
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
  • Ability to apply techniques for responding to host and network-based intrusions using incident response technologies and techniques.
  • 5+ years of experience in a related field preferred
  • Bachelor’s or above in related field or equivalent work experience
  • Strong analytical, collaborative, problem solving, organizational and planning skills.
  • Strong written and oral interpersonal skills.
  • Proficient PC skills, including working knowledge of Microsoft Office products.
  • Skill in identifying, capturing, containing, and reporting malware.
  • Skill in preserving evidence integrity according to standard operating procedures or national standards.
  • Skill in securing network communications.
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Skill in protecting a network against malware (e.g., NIPS, anti-malware, restricting/preventing external devices, spam filters).
  • Skill in performing damage assessments.
  • Skill in using security event correlation tools.
  • Skill in designing incident response for cloud service models.
  • Knowledge of endpoints (laptop/desktop/server) as they relate to cyber security incident response.
  • Knowledge of incident response case management and automation (SOAR).
  • Knowledge of incident response toolsets, specifically phishing group mailbox support.
  • Knowledge of SIEM technologies and their utilization within a cyber security environment.
  • Knowledge of logging/monitoring solutions and implementations.
  • Ability to apply comprehensive knowledge and a thorough understanding of concepts, principles, and technical capabilities to perform varied tasks and projects related to incident response.

Responsibilities

  • Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to perform initial, forensically sound collection on endpoints of security incident related artifacts.
  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to effectively use Enterprise Detection and Response solutions (FireEye HX, CrowdStrike, CarbonBlack) to respond, investigate, and remediate security incidents involving enterprise assets.
  • Develop and implement advanced threat detection mechanisms to identify potential security incidents.
  • Create custom alerts using our SIEM technologies to enhance visibility and response capabilities.
  • Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
  • Perform cyber defense incident triage, including determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
  • Perform cyber defense trend analysis and reporting.
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Coordinate with intelligence analysts to correlate threat assessment data.
  • Write and publish after action reviews.

Preferred Qualifications

  • 5+ years of experience in a related field preferred
  • Bachelor’s or above in related field or equivalent work experience