Type: Full Time
This position will support and provide technical expertise in the areas of Threat Detection & Incident Response including log management, intrusion detection, critical threat response, attack & threat analysis and security operation analytics. This position will also be responsible for implementation, maintenance, and administration of various security systems such as firewalls, SIEMs, Endpoint protection, and intrusion detection systems; this will include monitoring, configuration changes, managing log sources, and updates. They will also be involved in enforcing the network security policies and complying with requirements of security audits and recommendations.
- Identify malicious or anomalous activity based on event data from firewalls, IDS, and other sources.
- Maintain and configure Information Security monitoring systems which provide logging, monitoring, and actionable alerting. Systems include Firewalls; IDS/IPS; Security Incident and Event Monitoring (SIEM) system; and Vulnerability Scanners.
- Monitor and analyze security events and identify trends, attacks, and potential threats.
- Develop and implement SIEM use cases to support monitoring and to ensure regulatory and legal compliance. Support the incident response team by assisting the incident manager.
- Maintain an expert knowledge of modern security tools, methodology, and attack trends in order to develop real-time detection and/or prevention mechanisms.
- Perform threat hunting to discover otherwise undetected threats, and create new detection logic to improve baseline operations.
- Review daily and periodic data to identify, report, and remediate vulnerabilities.
- Work closely with other teams to integrate security monitoring into new projects.
- Analyze network security needs and contribute to the design, integration, and installation of hardware and software.
- Create reports, dashboards, and metrics for security events.
- Other tasks as assigned
CYBER SECURITY QUALIFICATIONS
- Associate's degree in Computer Science, MIS, or a related field of study; or any equivalent combination of relevant work experience and training.
- 4 to 6 years of experience in the Information Security industry, preferably with a concentrated focus on Firewall Management, Endpoint protection, Data Loss Prevention, or Security Event Monitoring.
- Experience with tools and appliances such as Nessus, IPS/IDS, Kali Linux, Palo Alto, Cisco ASA, and SIEMs.
- Experience using network security troubleshooting and traffic analysis tools, such as Splunk and Wireshark.
- Experience working with all phases of firewall and network operations, including firewall change requests, firewall configuration, network services, and network security.
- Excellent analytical, organizational, time management, and problem-solving skills are essential.
- Verbal communication skills are required, as this position involves some interaction with requestors (usually application and technical project teams) and with the network and firewall outsourcers' technical staff.
- One or more cyber security certifications such as the CISSP, GSEC, CCNA Security, or a similar certification.
- Knowledge of insurance companies and the financial service sector is a plus.