SANS ISC: InfoSec Jobs
SENIOR SECURITY INTELLIGENCE AND RESPONSE ENGINEER
Company: California Department of Corrections and Rehabilitation
Location: Sacramento
Preferred GIAC Certifications: GCFA, GPEN, GNFA, GICSP, GREM, GXPN, GWEB
Travel: 10%
Salary: $76650 - $100000
URL: https://jobs.ca.gov/CalHrPublic/Jobs/JobPosting.aspx?JobControlId=69871
Contact Name: Anonymous
Contact Email: vitaliy.panych/at/cdcr.ca.gov
Expires: 2017-10-08

Job Description

The CDCR Security Intelligence and Operations Center (SIOC) will lead every aspect of security for one of the most technologically driven correctional and law enforcement operations; its members will coordinate with private, state and federal entities to secure some of the most confidential and sensitive crime and safety information in California. These positions will be at the leading edge of counteracting hacker attacks, performing ongoing red-team engagements, proactive insider threat hunting, incident response, cyber threat intelligence collection and analysis, and defense countermeasure implementation. The mission of this team is critical to California: it enhances public safety by protecting the privacy and civil liberties of all individuals, safeguarding sensitive information, preserving confidentiality, and enabling the Agency to proactively enforce safety, innovate law enforcement, and detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, correctional operations, and rehabilitation efforts. The SIOC supports Agency-wide goals and ensures a secure computing environment that provides availability, confidentiality and integrity of correctional and rehabilitative information.

Leads technical activities for the Cyber Security Intelligence and Operations Center (SIOC), including initial implementation and continuous improvement of functions within the SIOC and the ISO. The SIOC senior lead facilitates activities to hunt for malicious insider behaviors and to define and provide the response, and ensures that hunting for threats and vulnerabilities is well defined and documented. The incumbent leads, initiates and refines team processes and functions for threat hunting for malicious and criminal activity across all digital assets, mentors technical security peers, performs digital forensics and threat intelligence analysis to provide indications and warnings, and contributes to predictive analysis of malicious activity. Provides direction for the agency and all teams responsible for information security policy, law enforcement and investigation, IT architecture, operations, administration, compliance and audit support. Directs the way the agency performs day-to-day operations of cyber security functions, the development of security initiatives and standards, the definition of work practices and relevant metrics for testing security defense effectiveness, engagement with Agency-wide functional teams to implement practices that meet defined policies and standards for information security, and the development of organizational communication campaigns to foster a culture of security awareness. Acts as a subject matter expert for an allocated geographic and/or thematic area, closely following open source and closed intelligence source reporting on associated actor groups (nation-state, criminal, hacktivist, and terrorist), exploits, vulnerabilities, incidents and campaigns.

Establishes and maintains strong, positive working relationships and partnerships with cyber security and infrastructure support throughout the Information Technology organization, law enforcement, legal, prosecutorial, and other business units and teams. Creates security strategies and architects secure solutions, including but not limited to cloud deployments, overseeing the implementation of host-based security and system hardening, and managing the deployment of security services including remote access, penetration testing, security architecture, threat hunting, fraud detection, network security, scanning services, log management, and security monitoring systems. The SIOC lead enhances the skills of the team to develop policies and procedures that ensure security awareness, risk mitigation and compliance, enhancing CDCR's security posture. Serves as an active member of the Computer Security Incident Response Team (CSIRT), enabling the team to provide technical analysis and identify remediation procedures. Identifies, develops, manages, and leverages external relationships to enhance intelligence collection efforts. Produces Threat Intelligence Reports with detailed analysis of cyber events, including relevant political, economic, and geopolitical variables, on a regular basis. Provides agency executive leadership with a forward-looking view of the threat, predicting shifts in adversarial intent, goals, and strategic objectives. Leads the Enterprise Identity management strategy and the implementation of associated technology to govern authentication and authorization of all users, devices, data, and physical access. Responsible for managing the life cycle of security solutions, from initial implementation to decommissioning (installation, setup and initial configuration, installation of patches, corrective changes, etc.).