JOB DESCRIPTION
We are seeking a talented and motivated individual to join our organization and growing team as a Cyber Security Engineer within our Corporate IT Department.
Essential Responsibilities:
Acquire and analyze digital evidence from a variety of workstation, server and mobile platforms.
Analyze log files (sys logs, firewall logs, etc.) to determine security incident impact.
Assist in the security incident response process
– to include analyzing systems with potential malware infections, analyzing emails to determine if they are phishing, spam, etc., identify root cause.
Author regular cybersecurity reports (i.e., monthly dashboards, audit remediation status updates, patch compliance, project status reports; Monthly, quarterly, and ad-hoc strategic and operational risk reporting and analytics for trending, risk assessment, compliance, and active exception reporting.
Communicate with leadership and stakeholders, including IT, Legal, HR, Corporate Security and Incident Response functions.
Conduct scans and configure scanning tools to assist in identifying vulnerabilities and inventory IT systems (may include port scans, vulnerability scans, etc.).
Create and maintain the IT asset inventory, cybersecurity risk register and current corporate cyber risk assessment.
Create/heighten security awareness within the organization by marketing, sending e-mails, create presentations, and present material to employees and contractors.
Develop and maintain website white lists and application white lists.
Develop and enhance security policies, processes and procedures; support service-level agreements (SLAs) to ensure that security controls are managed and maintained.
Ensure compliance with applicable statutes and regulations.
Execute authorized information security project and initiatives.
Implement and audit domain administration restrictions and Group Policy application on user and computer objects.
Keep abreast of emerging cyber security tools and best practices.
Lead/facilitate annual cyber tabletop exercises.
Maintain user security by developing access controls, monitoring and evaluation of security standards.
Monitor the company’s computing environment (servers, firewalls, intrusion detection/prevention systems, anti-virus and malware) logs and network traffic for activities including but not limited to policy violations, abnormal behaviors, intrusions, best practice recommendations, etc.
Oversee penetration testing of all networks and systems to identify system and application vulnerabilities; lead resolution and remediation of findings.
Participate in information security audits.
Participate in Information Security initiatives and projects.
Participate in an on-call rotation for information security and resolve service outages within SLA.
Participate in disaster recovery and business continuity efforts.
Respond to information security requests, incidents, and trouble tickets according to a defined SLA.
Review and monitor administrator account management (normal and privileged).
Serve as an active member on incident response teams, which entails performing forensic and investigation services.
Serve as an advisory role in application development or acquisition projects to assess security requirements and controls, and to ensure that security controls are implemented as planned.
Due to the nature of this work, evening and weekend work may be required. 24/7 on-call for cyber related incidents.
All other duties as assigned.
Required Qualifications:
Must be legally authorized to work in the US.
BS or BA degree in Computer Science, or Information Systems.
Have a minimum of five (5) years of previous HANDS ON work experience with networking and/or cyber security.
The ability to analyze, research, work independently, as well as in a group setting, and explain technical details is required.
Eager/willingness to learn / gain new technical knowledge.
Strong interpersonal skills to work with others effectively.
Strong communication skills, to include the ability to advise on new projects to help improve the company’s safety posture.
Working knowledge of securing Linux, Windows OS family, TCP/IP, and networking technologies.
Thorough understanding of authentication methods, access controls, intrusion detection, firewalls and encryption.
Must possess excellent written and verbal communications skills and be fluent in English.
Must be familiar with the fundamentals of security principles and practices.
Qualifications - Highly Desired:
At least one professional security certification such as CISSP, CISA, CEH, applicable SANs programs, or other industry certifications (e.g., Cisco, Microsoft, VMware) preferred.
3-5 years of Security Operations Center, Cyber Incident Response experience and forensic incident investigations.
Knowledge of Secure Coding Standards and Application Security, Cyber Supply Chain Risk Management, Emerging Technology Risk Management and/or threat model development and management.
Understanding of evidence handling and chain-of-custody procedures.
Malware analysis and sandboxing.
Broad understanding of multiple forensic platforms and tools
EnCase, FTK, Volatility, The Sleuth Kit (TSK), and various Open Source forensic tools (SANS SIFT or REMnux).
Knowledge of Industrial Control Systems and related cyber protections.
Ability to effectively read/write/speak Spanish.
Experience with the following tools:
o Rapid7 or Tenable vulnerability detection management software
o IBM QRadar and/or Splunk SIEM
o CISCO ASA or Firepower / Palo Alto Firewall
o Wireshark packet captures and analysis
Desired Certifications (at least one of the following certifications):
EnCase Certified Examiner (EnCE)
Certified Forensic Security Responder (CFSR)
SANS Certifications (GCFE, GCFA, GNFA, GREM)
CISSP, CEH highly desirable but not required