Job Description

You are an information security professional excited by the opportunity to be part of the team that s designing and building a Security Operations program from the ground up. You will be responsible for handling the entire lifecycle of security incidents from detection to resolution and root cause analysis. In this role you will be responsible for handling and escalating security incidents and owning critical security projects. You should be comfortable with learning new technologies and highly motivated to develop and deploy cutting edge technologies. You must be security focused and driven to perform in a fast-paced environment. Will be heavily involved helping support SIEM ingestion, use case development, and onboarding new data sources. In this role, you will: Leverage extensive experience in threat analysis, detection, hunting, forensics, and/or incident response. Lead threat hunting activities and drive analysis of threat data and telemetry Integrate tools, playbooks, and SOPs into a consolidated operating model (including SIEM, SOAR, EDR, and others). Develop new technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks. Detect, investigate, and respond to security events from firewalls, IDS, IPS, SIEM, WAF, Mail Gateway, DLP and other sources. Drive selection of new technologies to improve cyber capabilities. Lead, coordinate, work closely with 24/7/365 monitoring, incident detection, and response using both internal resources and an industry leading MSS provider. Advise on the design of security monitoring infrastructure for on premise and cloud solutions. Scope, coordinate and execute tabletop exercises. Configure and troubleshoot security infrastructure devices and ensure the proper operation of security processing routines. Guide after action report (AARs) creation and ensure the business understand the risks and post incident threats. (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.) Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters. Excellent communication skills with the ability to manage joint response and remediation efforts and constructively influence peers and leadership. Bachelors Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or a minimum of 4 years of equivalent experience. People focused, with a passion and drive to work on an experienced team of intelligence analysts. Experienced using SIEM (Splunk) and capable of performing threat hunting. Experienced in conducting malware analysis. Effective project management skills. Candidate must be able to react quickly, decisively, and deliberately in high stress situations. Must be willing to work off-shift hours, as needed during incidents. Understanding hands on keyboard experience in any of the following: Digital Forensics & Investigative Response (DFIR), threat intelligence, penetration testing, or security research. Ability to code as needed to solve problems and automate workflows; Python, Terraform, Chef, PowerShell. Hands-on experience with popular incident response and orchestration tools. Drive the design, build, implementation, and compliance monitoring of security controls. Professional, coherent understanding of sophisticated threat actors and their TTPs, including MITRE framework. Direct hands-on experience deploying/evading one or more network security monitoring technologies, including Snort, FortiGate etc. Experience deploying/evading host-based detection tools. CISSP, CEH, OSCP, or related SANS certifications preferred.

foundit